nixpkgs/nixos/modules/services/networking/dnsdist.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.dnsdist;
  configFile = pkgs.writeText "dndist.conf" ''
    setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
    ${cfg.extraConfig}
    '';
in {
  options = {
    services.dnsdist = {
      enable = mkEnableOption "dnsdist domain name server";

      listenAddress = mkOption {
        type = types.str;
        description = "Listen IP Address";
        default = "0.0.0.0";
      };
      listenPort = mkOption {
        type = types.int;
        description = "Listen port";
        default = 53;
      };

      extraConfig = mkOption {
        type = types.lines;
        default = ''
        '';
        description = ''
          Extra lines to be added verbatim to dnsdist.conf.
        '';
      };
    };
  };

  config = mkIf config.services.dnsdist.enable {
    systemd.services.dnsdist = {
      description = "dnsdist load balancer";
      wantedBy = [ "multi-user.target" ];
      after = ["network.target"];

      serviceConfig = {
        Restart="on-failure";
        RestartSec="1";
        DynamicUser = true;
        StartLimitInterval="0";
        PrivateTmp=true;
        PrivateDevices=true;
        CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";
        ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
        ProtectSystem="full";
        ProtectHome=true;
        RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
        LimitNOFILE="16384";
        TasksMax="8192";
      };
    };
  };
}
nixos/dnsdist: initial service 2018-03-17 19:05:27 -04:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`
			`cfg = config.services.dnsdist;`
			`configFile = pkgs.writeText "dndist.conf" ''`
			`setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')`
			`${cfg.extraConfig}`
			`'';`
			`in {`
			`options = {`
			`services.dnsdist = {`
			`enable = mkEnableOption "dnsdist domain name server";`

			`listenAddress = mkOption {`
			`type = types.str;`
			`description = "Listen IP Address";`
			`default = "0.0.0.0";`
			`};`
			`listenPort = mkOption {`
			`type = types.int;`
			`description = "Listen port";`
			`default = 53;`
			`};`

			`extraConfig = mkOption {`
			`type = types.lines;`
			`default = ''`
			`'';`
			`description = ''`
			`Extra lines to be added verbatim to dnsdist.conf.`
			`'';`
			`};`
			`};`
			`};`

			`config = mkIf config.services.dnsdist.enable {`
			`systemd.services.dnsdist = {`
			`description = "dnsdist load balancer";`
			`wantedBy = [ "multi-user.target" ];`
			`after = ["network.target"];`

			`serviceConfig = {`
			`Restart="on-failure";`
			`RestartSec="1";`
			`DynamicUser = true;`
			`StartLimitInterval="0";`
			`PrivateTmp=true;`
			`PrivateDevices=true;`
			`CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID";`
			`ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";`
			`ProtectSystem="full";`
			`ProtectHome=true;`
			`RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";`
			`LimitNOFILE="16384";`
			`TasksMax="8192";`
			`};`
			`};`
			`};`
			`}`