# NixOS module: runs CoreDNS as a systemd service, configured by a verbatim
# Corefile supplied through services.coredns.config.
{ config, lib, pkgs, ... }:

let
  inherit (lib) getBin mkEnableOption mkIf mkOption types;

  opts = config.services.coredns;

  # The Corefile text is written to the Nix store via pkgs.writeText. Store
  # paths are readable by every local user, so credentials or keys placed in
  # services.coredns.config end up world-readable.
  corefile = pkgs.writeText "Corefile" opts.config;

  # Command line for the daemon; the generated Corefile is passed via -conf.
  startCommand = "${getBin opts.package}/bin/coredns -conf=${corefile}";

  # Reload signals the main PID with SIGUSR1.
  # NOTE(review): presumably CoreDNS re-reads its Corefile on SIGUSR1; confirm
  # against the CoreDNS version in use.
  reloadCommand = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
in
{
  options.services.coredns = {
    enable = mkEnableOption "Coredns dns server";

    config = mkOption {
      type = types.lines;
      default = "";
      example = ''
        . {
          whoami
        }
      '';
      description = "Verbatim Corefile to use. See <link xlink:href=\"https://coredns.io/manual/toc/#configuration\"/> for details.";
    };

    package = mkOption {
      type = types.package;
      default = pkgs.coredns;
      defaultText = "pkgs.coredns";
      description = "Coredns package to use.";
    };
  };

  # The unit is only defined when services.coredns.enable is set.
  config = mkIf opts.enable {
    systemd.services.coredns = {
      description = "Coredns dns server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      serviceConfig = {
        ExecStart = startCommand;
        ExecReload = reloadCommand;
        Restart = "on-failure";

        # Least privilege: the daemon runs as a transient unprivileged user
        # allocated by systemd and cannot gain privileges through
        # setuid/setgid binaries or file capabilities.
        DynamicUser = true;
        NoNewPrivileges = true;

        # CAP_NET_BIND_SERVICE is the only capability kept in the bounding
        # set, and it is raised as an ambient capability so the unprivileged
        # process can bind ports below 1024 (presumably 53; the Corefile
        # decides the listen port).
        CapabilityBoundingSet = "cap_net_bind_service";
        AmbientCapabilities = "cap_net_bind_service";

        # Applies the user-related settings to ExecStart only, so the
        # ExecReload command runs without them.
        # NOTE(review): systemd documents this setting as deprecated; confirm
        # it is still wanted for the targeted systemd version.
        PermissionsStartOnly = true;

        # Resource ceilings: open file descriptors and process count.
        LimitNOFILE = 1048576;
        LimitNPROC = 512;
      };
    };
  };
}