dnschain service: overhaul option interface & implementation

Closes https://github.com/NixOS/nixpkgs/pull/22041
rnhmjoj 2017-01-18 19:47:29 +01:00 committed by Joachim Fasting
parent 0788889220
commit f7d49037a4


@ -3,23 +3,28 @@
with lib; with lib;
let let
cfg = config.services; cfgs = config.services;
cfg = cfgs.dnschain;
dnschainConf = pkgs.writeText "dnschain.conf" '' dataDir = "/var/lib/dnschain";
username = "dnschain";
configFile = pkgs.writeText "dnschain.conf" ''
[log] [log]
level=info level = info
[dns] [dns]
host = 127.0.0.1 host = ${cfg.dns.address}
port = 5333 port = ${toString cfg.dns.port}
oldDNSMethod = NO_OLD_DNS oldDNSMethod = NO_OLD_DNS
# TODO: check what that address is acutally used for externalIP = ${cfg.dns.address}
externalIP = 127.0.0.1
[http] [http]
host = 127.0.0.1 host = ${cfg.api.hostname}
port=8088 port = ${toString cfg.api.port}
tlsPort=4443 tlsPort = ${toString cfg.api.tlsPort}
${cfg.extraConfig}
''; '';
in in
@ -32,28 +37,81 @@ in
services.dnschain = { services.dnschain = {
enable = mkOption { enable = mkEnableOption ''
type = types.bool; DNSChain, a blockchain based DNS + HTTP server.
default = false; To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
and an RPC username/password.
'';
dns.address = mkOption {
type = types.str;
default = "127.0.0.1";
description = '' description = ''
Whether to run dnschain. That implies running The IP address that will be used to reach this machine.
namecoind as well, so make sure to configure Leave this unchanged if you do not wish to directly expose the DNSChain resolver.
it appropriately. '';
};
dns.port = mkOption {
type = types.int;
default = 5333;
description = ''
The port the DNSChain resolver will bind to.
'';
};
api.hostname = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
The hostname (or IP address) the DNSChain API server will bind to.
'';
};
api.port = mkOption {
type = types.int;
default = 8080;
description = ''
The port the DNSChain API server (HTTP) will bind to.
'';
};
api.tlsPort = mkOption {
type = types.int;
default = 4433;
description = ''
The port the DNSChain API server (HTTPS) will bind to.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
[log]
level = debug
'';
description = ''
Additional options that will be appended to the configuration file.
''; '';
}; };
}; };
services.dnsmasq = { services.dnsmasq.resolveDNSChainQueries = mkOption {
resolveDnschainQueries = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = ''
Resolve <literal>.bit</literal> top-level domains Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
with dnschain and namecoind.
''; '';
}; };
services.pdns-recursor.resolveDNSChainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
'';
}; };
}; };
@ -61,48 +119,47 @@ in
###### implementation ###### implementation
config = mkIf cfg.dnschain.enable { config = mkIf cfg.enable {
services.namecoind.enable = true; services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
[ "/.bit/127.0.0.1#${toString cfg.dns.port}"
"/.dns/127.0.0.1#${toString cfg.dns.port}"
];
services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ]; services.pdns-recursor.forwardZones = mkIf cfgs.pdns-recursor.resolveDNSChainQueries
{ bit = "127.0.0.1:${toString cfg.dns.port}";
dns = "127.0.0.1:${toString cfg.dns.port}";
};
users.extraUsers = singleton users.extraUsers = singleton {
{ name = "dnschain"; name = username;
uid = config.ids.uids.dnschain; description = "DNSChain daemon user";
extraGroups = [ "namecoin" ]; home = dataDir;
description = "Dnschain daemon user";
home = "/var/lib/dnschain";
createHome = true; createHome = true;
uid = config.ids.uids.dnschain;
extraGroups = optional cfgs.namecoind.enable "namecoin";
}; };
systemd.services.dnschain = { systemd.services.dnschain = {
description = "Dnschain Daemon"; description = "DNSChain daemon";
after = [ "namecoind.target" ]; after = optional cfgs.namecoind.enable "namecoind.target";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = [ pkgs.openssl ];
preStart = ''
# Link configuration file into dnschain HOME directory
if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
rm -rf /var/lib/dnschain/.dnschain.conf
ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
fi
# Create empty namecoin.conf so that dnschain is not serviceConfig = {
# searching for /etc/namecoin/namecoin.conf User = "dnschain";
if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then Restart = "on-failure";
mkdir -p /var/lib/dnschain/.namecoin ExecStart = "${pkgs.dnschain}/bin/dnschain";
touch /var/lib/dnschain/.namecoin/namecoin.conf };
preStart = ''
# Link configuration file into dnschain home directory
configPath=${dataDir}/.dnschain/dnschain.conf
mkdir -p ${dataDir}/.dnschain
if [ "$(realpath $configPath)" != "${configFile}" ]; then
rm -f $configPath
ln -s ${configFile} $configPath
fi fi
''; '';
serviceConfig = {
Type = "simple";
User = "dnschain";
EnvironmentFile = config.services.namecoind.userFile;
ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
};
}; };
}; };
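Review bot: The dnsmasq `servers` entries and the pdns-recursor `forwardZones` values hard-code `127.0.0.1`, while the generated `[dns]` section now binds dnschain to `host = ${cfg.dns.address}`; if `host` is the listen address (as the previous fixed `127.0.0.1` suggests), setting `dns.address` to a non-loopback IP to expose the resolver silently breaks local `.bit` resolution through both forwarders. The forwarder entries should derive from the same option, e.g. `"/.bit/${cfg.dns.address}#${toString cfg.dns.port}"`, and likewise for the `.dns` entry and both `forwardZones` values. Separately, `api.hostname` now defaults to `"0.0.0.0"`, so the API server listens on every interface by default, whereas the old config bound it to `127.0.0.1` and the DNS side still defaults to loopback; either default it to `"127.0.0.1"` like `dns.address`, or state in its description that the default exposes the API to the network. The module's outer attribute set opens before the first hunk.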