Merge pull request #78392 from Mic92/kresd-doh
knot-resolver: add doh support
This commit is contained in:
Jörg Thalheim
GitHub
commit
40e51d2092
@ -56,6 +56,7 @@ in {
|
|||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = pkgs.knot-dns;
|
default = pkgs.knot-dns;
|
||||||
|
defaultText = "pkgs.knot-dns";
|
||||||
description = ''
|
description = ''
|
||||||
Which Knot DNS package to use
|
Which Knot DNS package to use
|
||||||
'';
|
'';
|
||||||
@ -92,4 +93,3 @@ in {
|
|||||||
environment.systemPackages = [ knot-cli-wrappers ];
|
environment.systemPackages = [ knot-cli-wrappers ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -5,12 +5,15 @@ with lib;
|
|||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.services.kresd;
|
cfg = config.services.kresd;
|
||||||
package = pkgs.knot-resolver;
|
configFile = pkgs.writeText "kresd.conf" ''
|
||||||
|
${optionalString (cfg.listenDoH != []) "modules.load('http')"}
|
||||||
|
${cfg.extraConfig};
|
||||||
|
'';
|
||||||
|
|
||||||
configFile = pkgs.writeText "kresd.conf" cfg.extraConfig;
|
package = pkgs.knot-resolver.override {
|
||||||
in
|
extraFeatures = cfg.listenDoH != [];
|
||||||
|
};
|
||||||
{
|
in {
|
||||||
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
@ -67,6 +70,15 @@ in
|
|||||||
For detailed syntax see ListenStream in man systemd.socket.
|
For detailed syntax see ListenStream in man systemd.socket.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
listenDoH = mkOption {
|
||||||
|
type = with types; listOf str;
|
||||||
|
default = [];
|
||||||
|
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
|
||||||
|
description = ''
|
||||||
|
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
|
||||||
|
For detailed syntax see ListenStream in man systemd.socket.
|
||||||
|
'';
|
||||||
|
};
|
||||||
# TODO: perhaps options for more common stuff like cache size or forwarding
|
# TODO: perhaps options for more common stuff like cache size or forwarding
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -104,6 +116,18 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
|
||||||
|
wantedBy = [ "sockets.target" ];
|
||||||
|
before = wantedBy;
|
||||||
|
partOf = [ "kresd.socket" ];
|
||||||
|
listenStreams = cfg.listenDoH;
|
||||||
|
socketConfig = {
|
||||||
|
FileDescriptorName = "doh";
|
||||||
|
FreeBind = true;
|
||||||
|
Service = "kresd.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.sockets.kresd-control = rec {
|
systemd.sockets.kresd-control = rec {
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
before = wantedBy;
|
before = wantedBy;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user