dnsmasq: upgrade to 2.71, fixed dnsmasq module

* The module now has systemd config * Add resolveLocalQueries option which sets up it as a dns server for local host (including reasonable setup of resolvconf) * Add "dnsmasq" user for running daemon * Enabled dbus and dnssec support for the package Conflicts: nixos/modules/misc/ids.nix
2014-07-03 01:59:35 +03:00 · 2014-07-03 01:59:35 +03:00 · adbb9ff796
parent 1851efa1a7
commit adbb9ff796
4 changed files with 67 additions and 11 deletions
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@ -7,6 +7,9 @@ with lib;
 let

  cfg = config.networking;
+  dnsmasqResolve = config.services.dnsmasq.enable &&
+                   config.services.dnsmasq.resolveLocalQueries;
+  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;

 in

@ -74,9 +77,12 @@ in
            '' + optionalString cfg.dnsSingleRequest ''
              # only send one DNS request at a time
              resolv_conf_options='single-request'
-            '' + optionalString config.services.bind.enable ''
+            '' + optionalString hasLocalResolver ''
              # This hosts runs a full-blown DNS resolver.
              name_servers='127.0.0.1'
+            '' + optionalString dnsmasqResolve ''
+              dnsmasq_conf=/etc/dnsmasq-conf.conf
+              dnsmasq_resolv=/etc/dnsmasq-resolv.conf
            '';
      };

--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -148,6 +148,7 @@
      riemanndash = 138;
      radvd = 139;
      zookeeper = 140;
+      dnsmasq = 141;

      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

--- a/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixos/modules/services/networking/dnsmasq.nix
@ -6,10 +6,12 @@ let
  cfg = config.services.dnsmasq;
  dnsmasq = pkgs.dnsmasq;

-  serversParam = concatMapStrings (s: "-S ${s} ") cfg.servers;
-
  dnsmasqConf = pkgs.writeText "dnsmasq.conf" ''
-    ${cfg.extraConfig}
+    ${optionalString cfg.resolveLocalQueries ''
+      conf-file=/etc/dnsmasq-conf.conf
+      resolv-file=/etc/dnsmasq-resolv.conf
+    ''}
+      ${cfg.extraConfig}
  '';

 in
@ -29,6 +31,14 @@ in
        '';
      };

+      resolveLocalQueries = mkOption {
+        default = true;
+        description = ''
+          Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
+          /etc/resolv.conf)
+        '';
+      };
+
      servers = mkOption {
        default = [];
        example = [ "8.8.8.8" "8.8.4.4" ];
@ -37,6 +47,8 @@ in
        '';
      };

+
+
      extraConfig = mkOption {
        type = types.string;
        default = "";
@ -55,16 +67,31 @@ in

  config = mkIf config.services.dnsmasq.enable {

-    jobs.dnsmasq =
-      { description = "dnsmasq daemon";
+    environment.systemPackages = [ dnsmasq ]
+      ++ (if cfg.resolveLocalQueries then [ pkgs.openresolv ] else []);

-        startOn = "ip-up";
+    services.dbus.packages = [ dnsmasq ];

-        daemonType = "daemon";
-
-        exec = "${dnsmasq}/bin/dnsmasq -R ${serversParam} -o -C ${dnsmasqConf}";
+    users.extraUsers = singleton
+      { name = "dnsmasq";
+        uid = config.ids.uids.dnsmasq;
+        description = "Dnsmasq daemon user";
+        home = "/var/empty";
      };

+    systemd.services.dnsmasq = {
+        description = "dnsmasq daemon";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "dbus";
+          BusName = "uk.org.thekelleys.dnsmasq";
+          ExecStartPre = "${dnsmasq}/bin/dnsmasq --test";
+          ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
+          ExecReload = "${dnsmasq}/bin/kill -HUP $MAINPID";
+        };
+    };
+
  };

 }
--- a/pkgs/tools/networking/dnsmasq/default.nix
+++ b/pkgs/tools/networking/dnsmasq/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchurl }:
+{ pkgconfig, dbus_libs, nettle, stdenv, fetchurl }:

 stdenv.mkDerivation rec {
  name = "dnsmasq-2.71";
@ -8,8 +8,30 @@ stdenv.mkDerivation rec {
    sha256 = "1fpzpzja7qr8b4kfdhh4i4sijp62c634yf0xvq2n4p7d5xbzn6a9";
  };

+  # Can't rely on make flags because of space in one of the parameters
+  buildPhase = ''
+    make COPTS="-DHAVE_DNSSEC -DHAVE_DBUS"
+  '';
+
+  # make flags used for installation only
  makeFlags = "DESTDIR= BINDIR=$(out)/bin MANDIR=$(out)/man LOCALEDIR=$(out)/share/locale";

+  postInstall = ''
+    install -Dm644 dbus/dnsmasq.conf $out/etc/dbus-1/system.d/dnsmasq.conf
+    install -Dm644 trust-anchors.conf $out/share/dnsmasq/trust-anchors.conf
+
+    ensureDir $out/share/dbus-1/system-services
+    cat <<END > $out/share/dbus-1/system-services/uk.org.thekelleys.dnsmasq.service
+    [D-BUS Service]
+    Name=uk.org.thekelleys.dnsmasq
+    Exec=$out/sbin/dnsmasq -k -1
+    User=root
+    SystemdService=dnsmasq.service
+    END
+  '';
+
+  buildInputs = [ pkgconfig dbus_libs nettle ];
+
  meta = {
    description = "An integrated DNS, DHCP and TFTP server for small networks";
    homepage = http://www.thekelleys.org.uk/dnsmasq/doc.html;