nixos/pdns-recursor: implement a `settings` option (#67251)
nixos/pdns-recursor: implement a `settings` option
210756a450
|
@ -284,6 +284,13 @@
|
||||||
Squid 3 has been removed and the <option>squid</option> derivation now refers to Squid 4.
|
Squid 3 has been removed and the <option>squid</option> derivation now refers to Squid 4.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <option>services.pdns-recursor.extraConfig</option> option has been replaced by
|
||||||
|
<option>services.pdns-recursor.settings</option>. The new option allows setting extra
|
||||||
|
configuration while being better type-checked and mergeable.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
|
@ -6,25 +6,27 @@ let
|
||||||
dataDir = "/var/lib/pdns-recursor";
|
dataDir = "/var/lib/pdns-recursor";
|
||||||
username = "pdns-recursor";
|
username = "pdns-recursor";
|
||||||
|
|
||||||
cfg = config.services.pdns-recursor;
|
cfg = config.services.pdns-recursor;
|
||||||
zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
|
|
||||||
|
|
||||||
configFile = pkgs.writeText "recursor.conf" ''
|
oneOrMore = type: with types; either type (listOf type);
|
||||||
local-address=${cfg.dns.address}
|
valueType = with types; oneOf [ int str bool path ];
|
||||||
local-port=${toString cfg.dns.port}
|
configType = with types; attrsOf (nullOr (oneOrMore valueType));
|
||||||
allow-from=${concatStringsSep "," cfg.dns.allowFrom}
|
|
||||||
|
|
||||||
webserver-address=${cfg.api.address}
|
toBool = val: if val then "yes" else "no";
|
||||||
webserver-port=${toString cfg.api.port}
|
serialize = val: with types;
|
||||||
webserver-allow-from=${concatStringsSep "," cfg.api.allowFrom}
|
if str.check val then val
|
||||||
|
else if int.check val then toString val
|
||||||
|
else if path.check val then toString val
|
||||||
|
else if bool.check val then toBool val
|
||||||
|
else if builtins.isList val then (concatMapStringsSep "," serialize val)
|
||||||
|
else "";
|
||||||
|
|
||||||
forward-zones=${concatStringsSep "," zones}
|
configFile = pkgs.writeText "recursor.conf"
|
||||||
export-etc-hosts=${if cfg.exportHosts then "yes" else "no"}
|
(concatStringsSep "\n"
|
||||||
dnssec=${cfg.dnssecValidation}
|
(flip mapAttrsToList cfg.settings
|
||||||
serve-rfc1918=${if cfg.serveRFC1918 then "yes" else "no"}
|
(name: val: "${name}=${serialize val}")));
|
||||||
|
|
||||||
${cfg.extraConfig}
|
mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
|
||||||
'';
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
options.services.pdns-recursor = {
|
options.services.pdns-recursor = {
|
||||||
|
@ -117,17 +119,55 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
extraConfig = mkOption {
|
settings = mkOption {
|
||||||
|
type = configType;
|
||||||
|
default = { };
|
||||||
|
example = literalExample ''
|
||||||
|
{
|
||||||
|
loglevel = 8;
|
||||||
|
log-common-errors = true;
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
description = ''
|
||||||
|
PowerDNS Recursor settings. Use this option to configure Recursor
|
||||||
|
settings not exposed in a NixOS option or to bypass one.
|
||||||
|
See the full documentation at
|
||||||
|
<link xlink:href="https://doc.powerdns.com/recursor/settings.html"/>
|
||||||
|
for the available options.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
luaConfig = mkOption {
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
default = "";
|
default = "";
|
||||||
description = ''
|
description = ''
|
||||||
Extra options to be appended to the configuration file.
|
The content Lua configuration file for PowerDNS Recursor. See
|
||||||
|
<link xlink:href="https://doc.powerdns.com/recursor/lua-config/index.html"/>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
services.pdns-recursor.settings = mkDefaultAttrs {
|
||||||
|
local-address = cfg.dns.address;
|
||||||
|
local-port = cfg.dns.port;
|
||||||
|
allow-from = cfg.dns.allowFrom;
|
||||||
|
|
||||||
|
webserver-address = cfg.api.address;
|
||||||
|
webserver-port = cfg.api.port;
|
||||||
|
webserver-allow-from = cfg.api.allowFrom;
|
||||||
|
|
||||||
|
forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
|
||||||
|
export-etc-hosts = cfg.exportHosts;
|
||||||
|
dnssec = cfg.dnssecValidation;
|
||||||
|
serve-rfc1918 = cfg.serveRFC1918;
|
||||||
|
lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig;
|
||||||
|
|
||||||
|
log-timestamp = false;
|
||||||
|
disable-syslog = true;
|
||||||
|
};
|
||||||
|
|
||||||
users.users."${username}" = {
|
users.users."${username}" = {
|
||||||
home = dataDir;
|
home = dataDir;
|
||||||
createHome = true;
|
createHome = true;
|
||||||
|
@ -150,8 +190,7 @@ in {
|
||||||
AmbientCapabilities = "cap_net_bind_service";
|
AmbientCapabilities = "cap_net_bind_service";
|
||||||
ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
|
ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
|
||||||
--config-dir=${dataDir} \
|
--config-dir=${dataDir} \
|
||||||
--socket-dir=${dataDir} \
|
--socket-dir=${dataDir}
|
||||||
--disable-syslog
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -165,4 +204,10 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkRemovedOptionModule [ "services" "pdns-recursor" "extraConfig" ]
|
||||||
|
"To change extra Recursor settings use services.pdns-recursor.settings instead.")
|
||||||
|
];
|
||||||
|
|
||||||
}
|
}
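Review bot: A `null` value, which `configType` explicitly admits through `nullOr` in the first hunk (`@ -6,25 +6,27`), falls through to the final `else ""` branch of `serialize` and is rendered as a bare `name=` line instead of omitting the key, so `services.pdns-recursor.settings.allow-from = null` writes an empty `allow-from=` into recursor.conf; if the recursor reads an empty ACL as "no restriction" rather than "nobody" (worth confirming against the settings documentation the option description links), that silently opens the resolver to any client. Dropping nulls before rendering makes `null` mean "leave this setting out", which is the usual contract of `nullOr`: `(flip mapAttrsToList (filterAttrs (_: v: v != null) cfg.settings)` with the following `(name: val: ...)` line unchanged. An empty list still renders as `name=`, which is the pre-existing behaviour for `forward-zones`, so that case can stay as it is. The `let` block that holds `serialize` and `configFile` opens before the first hunk. Separately, the new `luaConfig` description reads "The content Lua configuration file"; "The content of the Lua configuration file" is the intended wording.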