diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix
index 8249da69bc1..c48835e7361 100644
--- a/nixos/modules/services/networking/dnsdist.nix
+++ b/nixos/modules/services/networking/dnsdist.nix
@@ -7,7 +7,7 @@ let
 configFile = pkgs.writeText "dndist.conf" ''
 setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
 ${cfg.extraConfig}
- '';
+ '';
 in {
 options = {
 services.dnsdist = {
@@ -35,25 +35,18 @@ in {
 };
 };
- config = mkIf config.services.dnsdist.enable {
+ config = mkIf cfg.enable {
+ systemd.packages = [ pkgs.dnsdist ];
+
 systemd.services.dnsdist = {
- description = "dnsdist load balancer";
 wantedBy = [ "multi-user.target" ];
- after = ["network.target"];
 serviceConfig = {
- Restart="on-failure";
- RestartSec="1";
 DynamicUser = true;
- StartLimitInterval="0";
- PrivateDevices=true;
- AmbientCapabilities="CAP_NET_BIND_SERVICE";
- CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
- ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
- ProtectHome=true;
- RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
- LimitNOFILE="16384";
- TasksMax="8192";
+
+ # upstream overrides for better nixos compatibility
+ ExecStartPre = [ "" "${pkgs.dnsdist}/bin/dnsdist --check-config --config ${configFile}" ];
+ ExecStart = [ "" "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}" ];
 };
 };
 };
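Review bot: In the second hunk (`@@ -35,25 +35,18 @@`) the new `serviceConfig` keeps only `DynamicUser = true` and the two Exec overrides, so every capability and sandboxing setting the module used to pin (`CapabilityBoundingSet`, `AmbientCapabilities`, `PrivateDevices`, `ProtectHome`, `RestrictAddressFamilies`) now comes from whatever unit file `pkgs.dnsdist` ships through `systemd.packages`. That unit is not visible in this diff, so it should be confirmed that it still bounds capabilities and still lets a DynamicUser process bind `cfg.listenPort`; otherwise a package bump can change the service's confinement without any change to this module. If it is compatible with the upstream unit, I would keep the security-relevant directives explicit here, e.g. `CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";` and `AmbientCapabilities = "CAP_NET_BIND_SERVICE";`. At minimum the comment should say what is being relied on, for example `# sandboxing and limits are inherited from the upstream unit; the leading "" clears its Exec* entry before ours is added`.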