Reorganize the config

niten 2023-10-08 09:11:20 -07:00
parent a045355053
commit 2e5ee202bf

36
nsd.nix

@ -86,7 +86,7 @@ let
configFile = pkgs.writeTextDir "nsd.conf" '' configFile = pkgs.writeTextDir "nsd.conf" ''
server: server:
chroot: "${stateDir}" chroot: "${stateDir}"
username: ${username} username: "${username}"
# The directory for zonefile: files. The daemon chdirs here. # The directory for zonefile: files. The daemon chdirs here.
zonesdir: "${stateDir}" zonesdir: "${stateDir}"
@ -978,7 +978,9 @@ in {
groups."${username}".gid = config.ids.gids.nsd; groups."${username}".gid = config.ids.gids.nsd;
}; };
systemd.services.nsd = { systemd = {
services = {
nsd = {
description = "NSD authoritative only domain name service"; description = "NSD authoritative only domain name service";
after = [ "network.target" ]; after = [ "network.target" ];
@ -1001,6 +1003,7 @@ in {
mkdir -m 0700 -p "${stateDir}/private" mkdir -m 0700 -p "${stateDir}/private"
mkdir -m 0700 -p "${stateDir}/tmp" mkdir -m 0700 -p "${stateDir}/tmp"
mkdir -m 0700 -p "${stateDir}/var" mkdir -m 0700 -p "${stateDir}/var"
mkdir -m 0711 -p "${stateDir}/run"
cat > "${stateDir}/don't touch anything in here" << EOF cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var and dnssec Everything in this directory except NSD's state in var and dnssec
@ -1011,6 +1014,7 @@ in {
chown ${username}:${username} -R "${stateDir}/private" chown ${username}:${username} -R "${stateDir}/private"
chown ${username}:${username} -R "${stateDir}/tmp" chown ${username}:${username} -R "${stateDir}/tmp"
chown ${username}:${username} -R "${stateDir}/var" chown ${username}:${username} -R "${stateDir}/var"
chown ${username}:${username} -R "${stateDir}/run"
rm -rf "${stateDir}/zones" rm -rf "${stateDir}/zones"
cp -rL "${nsdEnv}/zones" "${stateDir}/zones" cp -rL "${nsdEnv}/zones" "${stateDir}/zones"
@ -1019,19 +1023,7 @@ in {
''; '';
}; };
systemd.timers.nsd-dnssec = mkIf dnssec { services.nsd-dnssec = mkIf dnssec {
description = "Automatic DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];
timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};
systemd.services.nsd-dnssec = mkIf dnssec {
description = "DNSSEC key rollover"; description = "DNSSEC key rollover";
wantedBy = [ "nsd.service" ]; wantedBy = [ "nsd.service" ];
@ -1060,4 +1052,18 @@ in {
''; '';
}; };
}; };
timers.nsd-dnssec = mkIf dnssec {
description = "Automatic DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];
timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};
};
};
} }
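Review bot: The new `run` directory is created with mode 0711 in the pre-start script (`mkdir -m 0711 -p "${stateDir}/run"`), while `private`, `tmp` and `var` beside it are 0700, and nothing visible in the change says why other local users need to traverse it. If the looser mode exists so that a client outside the nsd user can reach a pid file or control socket there (an assumption, since the setting that uses this directory is not in the visible hunks), record that in a comment such as `# 0711: <who> must reach <file> under run/; contents stay unlistable`; otherwise use 0700 like the siblings. Also, `mkdir -m ... -p` leaves the mode of an already existing directory unchanged, so adding `chmod 0711 "${stateDir}/run"` after it would make the resulting permissions deterministic on hosts where the directory already exists. The script body starts and ends outside these hunks.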