dnscrypt-proxy service: cosmetic enhancements

Joachim Fasting 2016-03-23 20:41:49 +01:00
parent 9c274b4bef
commit 4001917359


@ -5,14 +5,17 @@ let
apparmorEnabled = config.security.apparmor.enable; apparmorEnabled = config.security.apparmor.enable;
dnscrypt-proxy = pkgs.dnscrypt-proxy; dnscrypt-proxy = pkgs.dnscrypt-proxy;
cfg = config.services.dnscrypt-proxy; cfg = config.services.dnscrypt-proxy;
resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"; resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv";
localAddress = "${cfg.localAddress}:${toString cfg.localPort}"; localAddress = "${cfg.localAddress}:${toString cfg.localPort}";
daemonArgs = daemonArgs =
[ "--local-address=${localAddress}" [ "--local-address=${localAddress}"
(optionalString cfg.tcpOnly "--tcp-only") (optionalString cfg.tcpOnly "--tcp-only")
(optionalString cfg.ephemeralKeys "-E") (optionalString cfg.ephemeralKeys "-E")
] ]
++ resolverArgs; ++ resolverArgs;
resolverArgs = if (cfg.customResolver != null) resolverArgs = if (cfg.customResolver != null)
then then
[ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}" [ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}"
@ -50,7 +53,7 @@ in
services.dnsmasq.resolveLocalQueries = true; # this is the default services.dnsmasq.resolveLocalQueries = true; # this is the default
} }
</programlisting> </programlisting>
''; }; ''; };
localAddress = mkOption { localAddress = mkOption {
default = "127.0.0.1"; default = "127.0.0.1";
type = types.string; type = types.string;
@ -187,14 +190,18 @@ in
systemd.services.dnscrypt-proxy = { systemd.services.dnscrypt-proxy = {
description = "dnscrypt-proxy daemon"; description = "dnscrypt-proxy daemon";
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service"; after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service"; requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
NonBlocking = "true"; NonBlocking = "true";
ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
User = "dnscrypt-proxy"; User = "dnscrypt-proxy";
Group = "dnscrypt-proxy"; Group = "dnscrypt-proxy";
PrivateTmp = true; PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
}; };