public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/rdnssd: Major refactoring

Browse Source 
This updates rdnssd to the following:
* Using the systemd interfaces directly
* Using the rdnssd user instead of the root user
* Integrating with resolvconf instead of writing directly to /etc/resolv.conf
This commit is contained in:
William A. Kennington III 2015-04-04 21:20:04 -07:00
parent 45b37ca1d8
commit b3c423757e
2 changed files with 37 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/misc/ids.nix
View File

@ -213,6 +213,7 @@
zope2 = 185; zope2 = 185;
ripple-data-api = 186; ripple-data-api = 186;
mediatomb = 187; mediatomb = 187;
rdnssd = 188;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -403,6 +404,7 @@
#zope2 = 185; # unused #zope2 = 185; # unused
#ripple-data-api = 186; #unused #ripple-data-api = 186; #unused
mediatomb = 187; mediatomb = 187;
#rdnssd = 188; # unused
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

44
nixos/modules/services/networking/rdnssd.nix
View File

@ -4,7 +4,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let
mergeHook = pkgs.writeScript "rdnssd-merge-hook" ''
#! ${pkgs.stdenv.shell} -e
${pkgs.openresolv}/bin/resolvconf -u
'';
in
{ {
###### interface ###### interface
@ -30,18 +35,39 @@ with lib;
config = mkIf config.services.rdnssd.enable { config = mkIf config.services.rdnssd.enable {
jobs.rdnssd = systemd.services.rdnssd = {
{ description = "RDNSS daemon"; description = "RDNSS daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
# Start before the network interfaces are brought up so that preStart = ''
# the daemon receives RDNSS advertisements from the kernel. # Create the proper run directory
startOn = "starting network-interfaces"; mkdir -p /run/rdnssd
touch /run/rdnssd/resolv.conf
chown -R rdnssd /run/rdnssd
# !!! Should write to /var/run/rdnssd/resolv.conf and run the daemon under another uid. # Link the resolvconf interfaces to rdnssd
exec = "${pkgs.ndisc6}/sbin/rdnssd --resolv-file /etc/resolv.conf -u root"; rm -f /run/resolvconf/interfaces/rdnssd
ln -s /run/rdnssd/resolv.conf /run/resolvconf/interfaces/rdnssd
${mergeHook}
'';
daemonType = "fork"; postStop = ''
rm -f /run/resolvconf/interfaces/rdnssd
${mergeHook}
'';
serviceConfig = {
ExecStart = "@${pkgs.ndisc6}/bin/rdnssd rdnssd -p /run/rdnssd/rdnssd.pid -r /run/rdnssd/resolv.conf -u rdnssd -H ${mergeHook}";
Type = "forking";
PIDFile = "/run/rdnssd/rdnssd.pid";
}; };
};
users.extraUsers.rdnssd = {
description = "RDNSSD Daemon User";
uid = config.ids.uids.rdnssd;
};
}; };