Reorganize the config

2023-10-08 09:11:20 -07:00 · 2023-10-08 09:11:20 -07:00 · 2e5ee202bf
parent a045355053
commit 2e5ee202bf
1 changed files with 76 additions and 70 deletions
--- a/nsd.nix
+++ b/nsd.nix
@ -86,7 +86,7 @@ let
  configFile = pkgs.writeTextDir "nsd.conf" ''
    server:
      chroot:   "${stateDir}"
-      username: ${username}
+      username: "${username}"

      # The directory for zonefile: files. The daemon chdirs here.
      zonesdir: "${stateDir}"
@ -978,7 +978,9 @@ in {
      groups."${username}".gid = config.ids.gids.nsd;
    };

-    systemd.services.nsd = {
+    systemd = {
+      services = {
+        nsd = {
          description = "NSD authoritative only domain name service";

          after = [ "network.target" ];
@ -1001,6 +1003,7 @@ in {
            mkdir -m 0700 -p "${stateDir}/private"
            mkdir -m 0700 -p "${stateDir}/tmp"
            mkdir -m 0700 -p "${stateDir}/var"
+            mkdir -m 0711 -p "${stateDir}/run"

            cat > "${stateDir}/don't touch anything in here" << EOF
            Everything in this directory except NSD's state in var and dnssec
@ -1011,6 +1014,7 @@ in {
            chown ${username}:${username} -R "${stateDir}/private"
            chown ${username}:${username} -R "${stateDir}/tmp"
            chown ${username}:${username} -R "${stateDir}/var"
+            chown ${username}:${username} -R "${stateDir}/run"

            rm -rf "${stateDir}/zones"
            cp -rL "${nsdEnv}/zones" "${stateDir}/zones"
@ -1019,19 +1023,7 @@ in {
          '';
        };

-    systemd.timers.nsd-dnssec = mkIf dnssec {
-      description = "Automatic DNSSEC key rollover";
-
-      wantedBy = [ "nsd.service" ];
-      before = [ "nsd.service" ];
-
-      timerConfig = {
-        OnActiveSec = cfg.dnssecInterval;
-        OnUnitActiveSec = cfg.dnssecInterval;
-      };
-    };
-
-    systemd.services.nsd-dnssec = mkIf dnssec {
+        services.nsd-dnssec = mkIf dnssec {
          description = "DNSSEC key rollover";

          wantedBy = [ "nsd.service" ];
@ -1060,4 +1052,18 @@ in {
          '';
        };
      };
+
+      timers.nsd-dnssec = mkIf dnssec {
+        description = "Automatic DNSSEC key rollover";
+
+        wantedBy = [ "nsd.service" ];
+        before = [ "nsd.service" ];
+
+        timerConfig = {
+          OnActiveSec = cfg.dnssecInterval;
+          OnUnitActiveSec = cfg.dnssecInterval;
+        };
+      };
+    };
+  };
 }