dnschain service: overhaul option interface & implementation

Closes https://github.com/NixOS/nixpkgs/pull/22041
This commit is contained in:
rnhmjoj 2017-01-18 19:47:29 +01:00 committed by Joachim Fasting
parent 0788889220
commit f7d49037a4
GPG Key ID: 7544761007FE4E08


@ -3,23 +3,28 @@
with lib; with lib;
let let
cfg = config.services; cfgs = config.services;
cfg = cfgs.dnschain;
dnschainConf = pkgs.writeText "dnschain.conf" '' dataDir = "/var/lib/dnschain";
username = "dnschain";
configFile = pkgs.writeText "dnschain.conf" ''
[log] [log]
level=info level = info
[dns] [dns]
host = 127.0.0.1 host = ${cfg.dns.address}
port = 5333 port = ${toString cfg.dns.port}
oldDNSMethod = NO_OLD_DNS oldDNSMethod = NO_OLD_DNS
# TODO: check what that address is acutally used for externalIP = ${cfg.dns.address}
externalIP = 127.0.0.1
[http] [http]
host = 127.0.0.1 host = ${cfg.api.hostname}
port=8088 port = ${toString cfg.api.port}
tlsPort=4443 tlsPort = ${toString cfg.api.tlsPort}
${cfg.extraConfig}
''; '';
in in
@ -32,28 +37,81 @@ in
services.dnschain = { services.dnschain = {
enable = mkOption { enable = mkEnableOption ''
type = types.bool; DNSChain, a blockchain based DNS + HTTP server.
default = false; To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>
and an RPC username/password.
'';
dns.address = mkOption {
type = types.str;
default = "127.0.0.1";
description = '' description = ''
Whether to run dnschain. That implies running The IP address that will be used to reach this machine.
namecoind as well, so make sure to configure Leave this unchanged if you do not wish to directly expose the DNSChain resolver.
it appropriately. '';
};
dns.port = mkOption {
type = types.int;
default = 5333;
description = ''
The port the DNSChain resolver will bind to.
'';
};
api.hostname = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
The hostname (or IP address) the DNSChain API server will bind to.
'';
};
api.port = mkOption {
type = types.int;
default = 8080;
description = ''
The port the DNSChain API server (HTTP) will bind to.
'';
};
api.tlsPort = mkOption {
type = types.int;
default = 4433;
description = ''
The port the DNSChain API server (HTTPS) will bind to.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
[log]
level = debug
'';
description = ''
Additional options that will be appended to the configuration file.
''; '';
}; };
}; };
services.dnsmasq = { services.dnsmasq.resolveDNSChainQueries = mkOption {
resolveDnschainQueries = mkOption { type = types.bool;
type = types.bool; default = false;
default = false; description = ''
description = '' Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
Resolve <literal>.bit</literal> top-level domains '';
with dnschain and namecoind. };
'';
};
services.pdns-recursor.resolveDNSChainQueries = mkOption {
type = types.bool;
default = false;
description = ''
Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.
'';
}; };
}; };
@ -61,48 +119,47 @@ in
###### implementation ###### implementation
config = mkIf cfg.dnschain.enable { config = mkIf cfg.enable {
services.namecoind.enable = true; services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries
[ "/.bit/127.0.0.1#${toString cfg.dns.port}"
"/.dns/127.0.0.1#${toString cfg.dns.port}"
];
services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ]; services.pdns-recursor.forwardZones = mkIf cfgs.pdns-recursor.resolveDNSChainQueries
{ bit = "127.0.0.1:${toString cfg.dns.port}";
users.extraUsers = singleton dns = "127.0.0.1:${toString cfg.dns.port}";
{ name = "dnschain";
uid = config.ids.uids.dnschain;
extraGroups = [ "namecoin" ];
description = "Dnschain daemon user";
home = "/var/lib/dnschain";
createHome = true;
}; };
systemd.services.dnschain = { users.extraUsers = singleton {
description = "Dnschain Daemon"; name = username;
after = [ "namecoind.target" ]; description = "DNSChain daemon user";
wantedBy = [ "multi-user.target" ]; home = dataDir;
path = [ pkgs.openssl ]; createHome = true;
preStart = '' uid = config.ids.uids.dnschain;
# Link configuration file into dnschain HOME directory extraGroups = optional cfgs.namecoind.enable "namecoin";
if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then };
rm -rf /var/lib/dnschain/.dnschain.conf
ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
fi
# Create empty namecoin.conf so that dnschain is not systemd.services.dnschain = {
# searching for /etc/namecoin/namecoin.conf description = "DNSChain daemon";
if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then after = optional cfgs.namecoind.enable "namecoind.target";
mkdir -p /var/lib/dnschain/.namecoin wantedBy = [ "multi-user.target" ];
touch /var/lib/dnschain/.namecoin/namecoin.conf
fi serviceConfig = {
''; User = "dnschain";
serviceConfig = { Restart = "on-failure";
Type = "simple"; ExecStart = "${pkgs.dnschain}/bin/dnschain";
User = "dnschain"; };
EnvironmentFile = config.services.namecoind.userFile;
ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336"; preStart = ''
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; # Link configuration file into dnschain home directory
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; configPath=${dataDir}/.dnschain/dnschain.conf
}; mkdir -p ${dataDir}/.dnschain
if [ "$(realpath $configPath)" != "${configFile}" ]; then
rm -f $configPath
ln -s ${configFile} $configPath
fi
'';
}; };
}; };
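Review bot: The new `api.hostname` option defaults to `"0.0.0.0"`, so the DNSChain HTTP/HTTPS API (ports 8080/4433) is bound on every interface as soon as the service is enabled, whereas `dns.address` deliberately defaults to `127.0.0.1` and its description tells users to leave it alone unless they want to expose the resolver; the safer default is `default = "127.0.0.1";` with the description extended to say `Set to 0.0.0.0 to expose the API on all interfaces; no firewall ports are opened by this module.` Related: the dnsmasq and pdns-recursor forwarders are hard-wired to `127.0.0.1:${cfg.dns.port}`, so if `dns.address` is changed to a non-loopback address and dnschain honours it as its bind address (not verifiable from this hunk), the local forwarding silently stops working — either reuse `cfg.dns.address` there or note the constraint in the option description. Finally, the previous `EnvironmentFile`/`--rpcuser`/`--rpcpassword` wiring is removed and the `enable` text now just asks for "an RPC username/password"; since `configFile` is produced by `pkgs.writeText` and lives world-readable in the Nix store, the docs should state where those credentials are expected to go and warn users not to put them in `extraConfig`.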