
nixos/pdns-recursor: implement a settings option

rnhmjoj 2019-08-22 14:02:02 +02:00
parent e450699225
commit 92d956267a
No known key found for this signature in database
GPG key ID: BFBAF4C975F76450


@ -6,25 +6,27 @@ let
dataDir = "/var/lib/pdns-recursor"; dataDir = "/var/lib/pdns-recursor";
username = "pdns-recursor"; username = "pdns-recursor";
cfg = config.services.pdns-recursor; cfg = config.services.pdns-recursor;
zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
configFile = pkgs.writeText "recursor.conf" '' oneOrMore = type: with types; either type (listOf type);
local-address=${cfg.dns.address} valueType = with types; oneOf [ int str bool path ];
local-port=${toString cfg.dns.port} configType = with types; attrsOf (nullOr (oneOrMore valueType));
allow-from=${concatStringsSep "," cfg.dns.allowFrom}
webserver-address=${cfg.api.address} toBool = val: if val then "yes" else "no";
webserver-port=${toString cfg.api.port} serialize = val: with types;
webserver-allow-from=${concatStringsSep "," cfg.api.allowFrom} if str.check val then val
else if int.check val then toString val
else if path.check val then toString val
else if bool.check val then toBool val
else if builtins.isList val then (concatMapStringsSep "," serialize val)
else "";
forward-zones=${concatStringsSep "," zones} configFile = pkgs.writeText "recursor.conf"
export-etc-hosts=${if cfg.exportHosts then "yes" else "no"} (concatStringsSep "\n"
dnssec=${cfg.dnssecValidation} (flip mapAttrsToList cfg.settings
serve-rfc1918=${if cfg.serveRFC1918 then "yes" else "no"} (name: val: "${name}=${serialize val}")));
${cfg.extraConfig} mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
'';
in { in {
options.services.pdns-recursor = { options.services.pdns-recursor = {
@ -117,17 +119,46 @@ in {
''; '';
}; };
extraConfig = mkOption { settings = mkOption {
type = types.lines; type = configType;
default = ""; default = { };
example = literalExample ''
{
loglevel = 8;
log-common-errors = true;
}
'';
description = '' description = ''
Extra options to be appended to the configuration file. PowerDNS Recursor settings. Use this option to configure Recursor
settings not exposed in a NixOS option or to bypass one.
See the full documentation at
<link xlink:href="https://doc.powerdns.com/recursor/settings.html"/>
for the available options.
''; '';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.pdns-recursor.settings = mkDefaultAttrs {
local-address = cfg.dns.address;
local-port = cfg.dns.port;
allow-from = cfg.dns.allowFrom;
webserver-address = cfg.api.address;
webserver-port = cfg.api.port;
webserver-allow-from = cfg.api.allowFrom;
forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
export-etc-hosts = cfg.exportHosts;
dnssec = cfg.dnssecValidation;
serve-rfc1918 = cfg.serveRFC1918;
log-timestamp = false;
disable-syslog = true;
};
users.users."${username}" = { users.users."${username}" = {
home = dataDir; home = dataDir;
createHome = true; createHome = true;
@ -150,8 +181,7 @@ in {
AmbientCapabilities = "cap_net_bind_service"; AmbientCapabilities = "cap_net_bind_service";
ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \ ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
--config-dir=${dataDir} \ --config-dir=${dataDir} \
--socket-dir=${dataDir} \ --socket-dir=${dataDir}
--disable-syslog
''; '';
}; };
@ -165,4 +195,10 @@ in {
''; '';
}; };
}; };
imports = [
(mkRemovedOptionModule [ "services" "pdns-recursor" "extraConfig" ]
"To change extra Recursor settings use services.pdns-recursor.settings instead.")
];
} }
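Review bot: In `serialize`, the final `else ""` branch turns a `null` setting into a literal `name=` line, because `configFile` maps over every attribute of `cfg.settings` while `configType` explicitly admits `nullOr`. A user who writes `settings.allow-from = null;` to drop a module default therefore gets `allow-from=` in recursor.conf, and as far as I recall the Recursor treats an empty allow-from list as no restriction on who may query; that should be confirmed against the upstream docs, but either way null ought to mean "omit the line". Filtering before serialising does that: `(flip mapAttrsToList (filterAttrs (n: v: v != null) cfg.settings)`. The `settings` description could also state that the rendered file is built with `pkgs.writeText` and so ends up in the world-readable Nix store, which matters for values such as `api-key`. The `let` block holding these bindings starts above the first hunk, so this is based only on the lines shown.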