From 0ddce8db12ad89d0c9a437128ad325322fd519e2 Mon Sep 17 00:00:00 2001
From: Emery Hemingway <emery@vfemail.net>
Date: Sun, 20 Apr 2014 11:16:36 -0400
Subject: [PATCH] unbound: update from 1.4.21 to 1.4.22, service from Upstart
to systemd
---
lib/maintainers.nix | 2 +-
nixos/modules/services/networking/unbound.nix | 119 ++++++++----------
pkgs/tools/networking/unbound/default.nix | 13 +-
3 files changed, 61 insertions(+), 73 deletions(-)
diff --git a/lib/maintainers.nix b/lib/maintainers.nix
index 80d0bed23dce..14f2f86ec5b7 100644
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -31,7 +31,7 @@
cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
- emery = "Emery Hemingawy <emery@vfemail.net>";
+ emery = "Emery Hemingway <emery@vfemail.net>";
ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
falsifian = "James Cook <james.cook@utoronto.ca>";
fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 30ce4b49fa8d..415ff13bdda5 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -18,25 +18,25 @@ let
"forward-zone:\n name: .\n" +
concatMapStrings (x: " forward-addr: ${x}\n") cfg.forwardAddresses;
- confFile = pkgs.writeText "unbound.conf"
- ''
- server:
- directory: "${stateDir}"
- username: ${username}
- # make sure unbound can access entropy from inside the chroot.
- # e.g. on linux the use these commands (on BSD, devfs(8) is used):
- # mount --bind -n /dev/random /etc/unbound/dev/random
- # and mount --bind -n /dev/log /etc/unbound/dev/log
- chroot: "${stateDir}"
- # logfile: "${stateDir}/unbound.log" #uncomment to use logfile.
- pidfile: "${stateDir}/unbound.pid"
- verbosity: 1 # uncomment and increase to get more logging.
- # listen on all interfaces, answer queries from the local subnet.
+ confFile = pkgs.writeText "unbound.conf" ''
+ server:
+ directory: "${stateDir}"
+ username: ${username}
+ # make sure unbound can access entropy from inside the chroot.
+ # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+ # mount --bind -n /dev/random /etc/unbound/dev/random
+ # and mount --bind -n /dev/log /etc/unbound/dev/log
+ chroot: "${stateDir}"
+ # logfile: "${stateDir}/unbound.log" #uncomment to use logfile.
+ pidfile: "${stateDir}/unbound.pid"
+ verbosity: 1 # uncomment and increase to get more logging.
${interfaces}
${access}
- ${forward}
- ${cfg.extraConfig}
- '';
+
+ ${forward}
+
+ ${cfg.extraConfig}
+ '';
in
@@ -45,74 +45,61 @@ in
###### interface
options = {
-
services.unbound = {
enable = mkOption {
- default = false;
- description = "
- Whether to enable the Unbound domain name server.
- ";
+ default = false;
+ description = "Whether to enable the Unbound domain name server.";
};
allowedAccess = mkOption {
- default = ["127.0.0.0/24"];
- description = "
- What networks are allowed to use us as a resolver.
- ";
+ default = ["127.0.0.0/24"];
+ description = "What networks are allowed to use unbound as a resolver.";
};
interfaces = mkOption {
- default = [ "127.0.0.0" "::1" ];
- description = "
- What addresses the server should listen to.
- ";
+ default = [ "127.0.0.1" "::1" ];
+ description = "What addresses the server should listen on.";
};
forwardAddresses = mkOption {
- default = [ ];
- description = "
- What servers to forward the queries to.
- ";
+ default = [ ];
+ description = "What servers to forward queries to.";
};
extraConfig = mkOption {
- default = "";
- description = "
- Extra unbound config
- ";
+ default = "";
+ description = "Extra lines of unbound config.";
};
};
+ };
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ environment.systemPackages = [ pkgs.unbound ];
+
+ users.extraUsers = singleton {
+ name = username;
+ uid = config.ids.uids.unbound;
+ description = "unbound daemon user";
+ home = stateDir;
+ createHome = true;
+ };
+
+ systemd.services.unbound = {
+ description="Unbound recursive Domain Name Server";
+ after = [ "network.target" ];
+ before = [ "nss-lookup.target" ];
+ wants = [" nss-lookup.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.unbound ];
+ serviceConfig.ExecStart = "${pkgs.unbound}/sbin/unbound -d -c ${confFile}";
+ };
};
-
- ###### implementation
-
- config = mkIf config.services.unbound.enable {
- environment.systemPackages = [ pkgs.unbound ];
-
- users.extraUsers = singleton
- { name = username;
- uid = config.ids.uids.unbound;
- description = "unbound daemon user";
- home = "/tmp";
- };
-
- jobs.unbound =
- { description = "Unbound name server job";
-
- preStart =
- ''
- ${pkgs.coreutils}/bin/mkdir -p ${stateDir}
- '';
-
- daemonType = "fork";
-
- exec = "${pkgs.unbound}/sbin/unbound -c ${confFile}";
- };
-
- };
-
}
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index d95c5b5f6bb0..376717bbf7a8 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -1,22 +1,23 @@
-{ stdenv, fetchurl, openssl, expat, libevent, ldns }:
+{ stdenv, fetchurl, openssl, expat, libevent }:
stdenv.mkDerivation rec {
- name = "unbound-1.4.21";
+ name = "unbound-1.4.22";
src = fetchurl {
url = "http://unbound.net/downloads/${name}.tar.gz";
- sha256 = "0w09m2rbn688rsk37k5xm3vkk5h2hxhivsr374j7h7vjf9x82bsh";
+ sha256 = "17yjly9c00zfgbzvllqzjh668a4yk6vrinf47yrcs3hrna0m1bqw";
};
- buildInputs = [openssl expat libevent ldns];
+ buildInputs = [openssl expat libevent];
configureFlags = [ "--with-ssl=${openssl}" "--with-libexpat=${expat}"
"--localstatedir=/var" ];
meta = {
description = "Validating, recursive, and caching DNS resolver";
- license = "BSD";
+ license = stdenv.lib.licenses.bsd3;
homepage = http://www.unbound.net;
- platforms = with stdenv.lib.platforms; linux;
+ maintainers = [ stdenv.lib.maintainers.emery ];
+ platforms = stdenv.lib.platforms.unix;
};
}