Merge pull request #89772 from rnhmjoj/dnschain

dnschain: remove
2020-06-13 13:37:02 +02:00 · 2020-06-13 13:37:02 +02:00 · 1d924f0354
parent b46fba4515 8fa6c0d12d
commit 1d924f0354
7 changed files with 8 additions and 201 deletions
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@ -461,6 +461,14 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
     initrd file has not been deleted.
    </para>
   </listitem>
   <listitem>
    <para>
     The <link xlink:href="https://github.com/okTurtles/dnschain">DNSChain</link>
     package and NixOS module have been removed from Nixpkgs as the software is
     unmaintained and can't be built. For more information see issue
     <link xlink:href="https://github.com/NixOS/nixpkgs/issues/89205">#89205</link>.
    </para>
   </listitem>
  </itemizedlist>
 </section>
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -239,7 +239,6 @@ in
      shout = 206;
      gateone = 207;
      namecoin = 208;
      dnschain = 209;
      #lxd = 210; # unused
      kibana = 211;
      xtreemfs = 212;
@ -549,7 +548,6 @@ in
      #shout = 206; #unused
      gateone = 207;
      namecoin = 208;
      #dnschain = 209; #unused
      lxd = 210; # unused
      #kibana = 211;
      xtreemfs = 212;
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -602,7 +602,6 @@
  ./services/networking/dhcpcd.nix
  ./services/networking/dhcpd.nix
  ./services/networking/dnscache.nix
  ./services/networking/dnschain.nix
  ./services/networking/dnscrypt-proxy2.nix
  ./services/networking/dnscrypt-wrapper.nix
  ./services/networking/dnsdist.nix
--- a/nixos/modules/services/networking/dnschain.nix
+++ b/nixos/modules/services/networking/dnschain.nix
@ -1,184 +0,0 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfgs = config.services;
  cfg  = cfgs.dnschain;
  dataDir  = "/var/lib/dnschain";
  username = "dnschain";
  configFile = pkgs.writeText "dnschain.conf" ''
    [log]
    level = info
    [dns]
    host = ${cfg.dns.address}
    port = ${toString cfg.dns.port}
    oldDNSMethod = NO_OLD_DNS
    externalIP = ${cfg.dns.externalAddress}
    [http]
    host = ${cfg.api.hostname}
    port = ${toString cfg.api.port}
    tlsPort = ${toString cfg.api.tlsPort}
    ${cfg.extraConfig}
  '';
 in
 {
  ###### interface
  options = {
    services.dnschain = {
      enable = mkEnableOption ''
        DNSChain, a blockchain based DNS + HTTP server.
        To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
        and an RPC username/password.
      '';
      dns.address = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = ''
          The IP address the DNSChain resolver will bind to.
          Leave this unchanged if you do not wish to directly expose the resolver.
        '';
      };
      dns.externalAddress = mkOption {
        type = types.str;
        default = cfg.dns.address;
        description = ''
           The IP address used by clients to reach the resolver and the value of
           the <literal>namecoin.dns</literal> record. Set this in case the bind address
           is not the actual IP address (e.g. the machine is behind a NAT).
        '';
      };
      dns.port = mkOption {
        type = types.int;
        default = 5333;
        description = ''
          The port the DNSChain resolver will bind to.
        '';
      };
      api.hostname = mkOption {
        type = types.str;
        default = "0.0.0.0";
        description = ''
          The hostname (or IP address) the DNSChain API server will bind to.
        '';
      };
      api.port = mkOption {
        type = types.int;
        default = 8080;
        description = ''
          The port the DNSChain API server (HTTP) will bind to.
        '';
      };
      api.tlsPort = mkOption {
        type = types.int;
        default = 4433;
        description = ''
          The port the DNSChain API server (HTTPS) will bind to.
        '';
      };
      extraConfig = mkOption {
        type = types.lines;
        default = "";
        example = ''
          [log]
          level = debug
        '';
        description = ''
          Additional options that will be appended to the configuration file.
        '';
      };
    };
    services.dnsmasq.resolveDNSChainQueries = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
      '';
    };
    services.pdns-recursor.resolveDNSChainQueries = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
      '';
    };
  };
  ###### implementation
  config = mkIf cfg.enable {
    services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
      [ "/.bit/127.0.0.1#${toString cfg.dns.port}"
        "/.dns/127.0.0.1#${toString cfg.dns.port}"
      ];
    services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveDNSChainQueries {
      forwardZonesRecurse =
        { bit = "127.0.0.1:${toString cfg.dns.port}";
          dns = "127.0.0.1:${toString cfg.dns.port}";
        };
      luaConfig =''
        addNTA("bit", "namecoin doesn't support DNSSEC")
        addNTA("dns", "namecoin doesn't support DNSSEC")
      '';
    };
    users.users.${username} = {
      description = "DNSChain daemon user";
      home = dataDir;
      createHome = true;
      uid = config.ids.uids.dnschain;
      extraGroups = optional cfgs.namecoind.enable "namecoin";
    };
    systemd.services.dnschain = {
      description = "DNSChain daemon";
      after    = optional cfgs.namecoind.enable "namecoind.target";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        User = "dnschain";
        Restart = "on-failure";
        ExecStart = "${pkgs.nodePackages.dnschain}/bin/dnschain";
      };
      preStart = ''
        # Link configuration file into dnschain home directory
        configPath=${dataDir}/.dnschain/dnschain.conf
        mkdir -p ${dataDir}/.dnschain
        if [ "$(realpath $configPath)" != "${configFile}" ]; then
          rm -f $configPath
          ln -s ${configFile} $configPath
        fi
      '';
    };
  };
  meta.maintainers = with lib.maintainers; [ rnhmjoj ];
 }
--- a/nixos/modules/services/networking/namecoind.nix
+++ b/nixos/modules/services/networking/namecoind.nix
@ -149,11 +149,6 @@ in
  config = mkIf cfg.enable {
    services.dnschain.extraConfig = ''
      [namecoin]
      config = ${configFile}
    '';
    users.users.namecoin = {
      uid  = config.ids.uids.namecoin;
      description = "Namecoin daemon user";
--- a/pkgs/development/node-packages/default.nix
+++ b/pkgs/development/node-packages/default.nix
@ -39,14 +39,6 @@ let
      meta.broken = since "12";
    };
    dnschain = super.dnschain.override {
      buildInputs = [ pkgs.makeWrapper super.coffee-script ];
      postInstall = ''
        wrapProgram $out/bin/dnschain --suffix PATH : ${pkgs.openssl.bin}/bin
      '';
      meta.broken = since "14";
    };
    bitwarden-cli = pkgs.lib.overrideDerivation super."@bitwarden/cli" (drv: {
      name = "bitwarden-cli-${drv.version}";
    });
--- a/pkgs/development/node-packages/node-packages.json
+++ b/pkgs/development/node-packages/node-packages.json
@ -60,7 +60,6 @@
 , "csslint"
 , "dat"
 , "dhcp"
 , "dnschain"
 , "dockerfile-language-server-nodejs"
 , "elasticdump"
 , "elm-oracle"