nixos: implement socket-activation for dnscrypt-proxy

The socket definition is derived from upstream with the
exception that it does not depend on network.target, as
this creates a cycle between basic.target and sockets.target.

The apparmor profile has been updated to account for additional
runtime dependencies introduced by enabling systemd support.
Joachim Fasting 2015-03-07 19:13:12 +01:00
parent 114cb31b65
commit 823bb5dd4d


@ -7,8 +7,7 @@ let
cfg = config.services.dnscrypt-proxy; cfg = config.services.dnscrypt-proxy;
uid = config.ids.uids.dnscrypt-proxy; uid = config.ids.uids.dnscrypt-proxy;
daemonArgs = daemonArgs =
[ "--daemonize" [ "--user=dnscrypt-proxy"
"--user=dnscrypt-proxy"
"--local-address=${cfg.localAddress}:${toString cfg.port}" "--local-address=${cfg.localAddress}:${toString cfg.port}"
(optionalString cfg.tcpOnly "--tcp-only") (optionalString cfg.tcpOnly "--tcp-only")
"--resolvers-list=${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv" "--resolvers-list=${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
@ -114,6 +113,10 @@ in
${dnscrypt-proxy}/share/dnscrypt-proxy/** r, ${dnscrypt-proxy}/share/dnscrypt-proxy/** r,
${pkgs.gcc.cc}/lib/libssp.so.* mr, ${pkgs.gcc.cc}/lib/libssp.so.* mr,
${pkgs.libsodium}/lib/libsodium.so.* mr, ${pkgs.libsodium}/lib/libsodium.so.* mr,
${pkgs.systemd}/lib/libsystemd.so.* mr,
${pkgs.xz}/lib/liblzma.so.* mr,
${pkgs.libgcrypt}/lib/libgcrypt.so.* mr,
${pkgs.libgpgerror}/lib/libgpg-error.so.* mr,
} }
'') '')
]; ];
@ -128,13 +131,27 @@ in
### Service definition ### Service definition
## derived from upstream dnscrypt-proxy.socket
systemd.sockets.dnscrypt-proxy = {
description = "dnscrypt-proxy listening socket";
socketConfig = {
ListenStream = "${cfg.localAddress}:${toString cfg.port}";
ListenDatagram = "${cfg.localAddress}:${toString cfg.port}";
};
wantedBy = [ "sockets.target" ];
};
# derived from upstream dnscrypt-proxy.service
systemd.services.dnscrypt-proxy = { systemd.services.dnscrypt-proxy = {
description = "dnscrypt-proxy daemon"; description = "dnscrypt-proxy daemon";
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service"; after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
requires = mkIf apparmorEnabled [ "apparmor.service" ]; requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "forking"; Type = "simple";
## note: NonBlocking is required for socket activation to work
NonBlocking = "true";
ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
}; };
}; };