{ config, lib, pkgs, ... }: with lib; let cfg = config.services.stubby; settingsFormat = pkgs.formats.yaml { }; confFile = settingsFormat.generate "stubby.yml" cfg.settings; in { imports = map (x: (mkRemovedOptionModule [ "services" "stubby" x ] "Stubby configuration moved to services.stubby.settings.")) [ "authenticationMode" "fallbackProtocols" "idleTimeout" "listenAddresses" "queryPaddingBlocksize" "roundRobinUpstreams" "subnetPrivate" "upstreamServers" ]; options = { services.stubby = { enable = mkEnableOption "Stubby DNS resolver"; settings = mkOption { type = types.attrsOf settingsFormat.type; example = lib.literalExpression '' pkgs.stubby.passthru.settingsExample // { upstream_recursive_servers = [{ address_data = "158.64.1.29"; tls_auth_name = "kaitain.restena.lu"; tls_pubkey_pinset = [{ digest = "sha256"; value = "7ftvIkA+UeN/ktVkovd/7rPZ6mbkhVI7/8HnFJIiLa4="; }]; }]; }; ''; description = '' Content of the Stubby configuration file. All Stubby settings may be set or queried here. The default settings are available at pkgs.stubby.passthru.settingsExample. See . A list of the public recursive servers can be found here: . ''; }; debugLogging = mkOption { default = false; type = types.bool; description = "Enable or disable debug level logging."; }; }; }; config = mkIf cfg.enable { assertions = [{ assertion = (cfg.settings.resolution_type or "") == "GETDNS_RESOLUTION_STUB"; message = '' services.stubby.settings.resolution_type must be set to "GETDNS_RESOLUTION_STUB". Is services.stubby.settings unset? ''; }]; services.stubby.settings.appdata_dir = "/var/cache/stubby"; systemd.services.stubby = { description = "Stubby local DNS resolver"; after = [ "network.target" ]; before = [ "nss-lookup.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { Type = "notify"; AmbientCapabilities = "CAP_NET_BIND_SERVICE"; CapabilityBoundingSet = "CAP_NET_BIND_SERVICE"; ExecStart = "${pkgs.stubby}/bin/stubby -C ${confFile} ${optionalString cfg.debugLogging "-l"}"; DynamicUser = true; CacheDirectory = "stubby"; }; }; }; }