kresd service: switch .listenDoH to new implementation
Beware: extraFeatures are not needed *for this* anymore, but their removal may still cause a regression in some configs (example: prefill module).
This commit is contained in:
Vladimír Čunát
parent
3087df3e8f
commit
e61ef63e4e
@ -23,18 +23,14 @@ let
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
configFile = pkgs.writeText "kresd.conf" (
|
configFile = pkgs.writeText "kresd.conf" (
|
||||||
optionalString (cfg.listenDoH != []) ''
|
""
|
||||||
modules.load('http')
|
|
||||||
''
|
|
||||||
+ concatMapStrings (mkListen "dns") cfg.listenPlain
|
+ concatMapStrings (mkListen "dns") cfg.listenPlain
|
||||||
+ concatMapStrings (mkListen "tls") cfg.listenTLS
|
+ concatMapStrings (mkListen "tls") cfg.listenTLS
|
||||||
+ concatMapStrings (mkListen "doh") cfg.listenDoH
|
+ concatMapStrings (mkListen "doh2") cfg.listenDoH
|
||||||
+ cfg.extraConfig
|
+ cfg.extraConfig
|
||||||
);
|
);
|
||||||
|
|
||||||
package = if cfg.listenDoH == []
|
package = pkgs.knot-resolver;
|
||||||
then pkgs.knot-resolver # never force `extraFeatures = false`
|
|
||||||
else pkgs.knot-resolver.override { extraFeatures = true; };
|
|
||||||
in {
|
in {
|
||||||
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
||||||
|
|
||||||
@ -92,7 +88,7 @@ in {
|
|||||||
default = [];
|
default = [];
|
||||||
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
|
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
|
||||||
description = ''
|
description = ''
|
||||||
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 8484).
|
Addresses and ports on which kresd should provide DNS over HTTPS/2 (see RFC 8484).
|
||||||
For detailed syntax see ListenStream in man systemd.socket.
|
For detailed syntax see ListenStream in man systemd.socket.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user