mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-06-12 04:35:41 +03:00
nixos/services.ncdns: remove with lib;
This commit is contained in:
Felix Buehler
parent
e4ffb753b1
commit
e14d1dc198
1 changed files with 35 additions and 38 deletions
|
|
@ -1,7 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfgs = config.services;
|
cfgs = config.services;
|
||||||
cfg = cfgs.ncdns;
|
cfg = cfgs.ncdns;
|
||||||
|
|
@ -9,10 +6,10 @@ let
|
||||||
dataDir = "/var/lib/ncdns";
|
dataDir = "/var/lib/ncdns";
|
||||||
username = "ncdns";
|
username = "ncdns";
|
||||||
|
|
||||||
valueType = with types; oneOf [ int str bool path ]
|
valueType = with lib.types; oneOf [ int str bool path ]
|
||||||
// { description = "setting type (integer, string, bool or path)"; };
|
// { description = "setting type (integer, string, bool or path)"; };
|
||||||
|
|
||||||
configType = with types; attrsOf (nullOr (either valueType configType))
|
configType = with lib.types; attrsOf (nullOr (either valueType configType))
|
||||||
// { description = ''
|
// { description = ''
|
||||||
ncdns.conf configuration type. The format consists of an
|
ncdns.conf configuration type. The format consists of an
|
||||||
attribute set of settings. Each setting can be either `null`,
|
attribute set of settings. Each setting can be either `null`,
|
||||||
|
|
@ -35,10 +32,10 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
# if all keys are the default value
|
# if all keys are the default value
|
||||||
needsKeygen = all id (flip mapAttrsToList cfg.dnssec.keys
|
needsKeygen = lib.all lib.id (lib.flip lib.mapAttrsToList cfg.dnssec.keys
|
||||||
(n: v: v == getAttr n defaultFiles));
|
(n: v: v == lib.getAttr n defaultFiles));
|
||||||
|
|
||||||
mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
|
mkDefaultAttrs = lib.mapAttrs (n: v: lib.mkDefault v);
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
|
@ -50,14 +47,14 @@ in
|
||||||
|
|
||||||
services.ncdns = {
|
services.ncdns = {
|
||||||
|
|
||||||
enable = mkEnableOption ''
|
enable = lib.mkEnableOption ''
|
||||||
ncdns, a Go daemon to bridge Namecoin to DNS.
|
ncdns, a Go daemon to bridge Namecoin to DNS.
|
||||||
To resolve .bit domains set `services.namecoind.enable = true;`
|
To resolve .bit domains set `services.namecoind.enable = true;`
|
||||||
and an RPC username/password
|
and an RPC username/password
|
||||||
'';
|
'';
|
||||||
|
|
||||||
address = mkOption {
|
address = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "[::1]";
|
default = "[::1]";
|
||||||
description = ''
|
description = ''
|
||||||
The IP address the ncdns resolver will bind to. Leave this unchanged
|
The IP address the ncdns resolver will bind to. Leave this unchanged
|
||||||
|
|
@ -65,18 +62,18 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = lib.mkOption {
|
||||||
type = types.port;
|
type = lib.types.port;
|
||||||
default = 5333;
|
default = 5333;
|
||||||
description = ''
|
description = ''
|
||||||
The port the ncdns resolver will bind to.
|
The port the ncdns resolver will bind to.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
identity.hostname = mkOption {
|
identity.hostname = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = config.networking.hostName;
|
default = config.networking.hostName;
|
||||||
defaultText = literalExpression "config.networking.hostName";
|
defaultText = lib.literalExpression "config.networking.hostName";
|
||||||
example = "example.com";
|
example = "example.com";
|
||||||
description = ''
|
description = ''
|
||||||
The hostname of this ncdns instance, which defaults to the machine
|
The hostname of this ncdns instance, which defaults to the machine
|
||||||
|
|
@ -92,8 +89,8 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
identity.hostmaster = mkOption {
|
identity.hostmaster = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "";
|
default = "";
|
||||||
example = "root@example.com";
|
example = "root@example.com";
|
||||||
description = ''
|
description = ''
|
||||||
|
|
@ -102,8 +99,8 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
identity.address = mkOption {
|
identity.address = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "127.127.127.127";
|
default = "127.127.127.127";
|
||||||
description = ''
|
description = ''
|
||||||
The IP address the hostname specified in
|
The IP address the hostname specified in
|
||||||
|
|
@ -112,7 +109,7 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dnssec.enable = mkEnableOption ''
|
dnssec.enable = lib.mkEnableOption ''
|
||||||
DNSSEC support in ncdns. This will generate KSK and ZSK keypairs
|
DNSSEC support in ncdns. This will generate KSK and ZSK keypairs
|
||||||
(unless provided via the options
|
(unless provided via the options
|
||||||
{option}`services.ncdns.dnssec.publicKey`,
|
{option}`services.ncdns.dnssec.publicKey`,
|
||||||
|
|
@ -120,8 +117,8 @@ in
|
||||||
anchor to recursive resolvers
|
anchor to recursive resolvers
|
||||||
'';
|
'';
|
||||||
|
|
||||||
dnssec.keys.public = mkOption {
|
dnssec.keys.public = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
default = defaultFiles.public;
|
default = defaultFiles.public;
|
||||||
description = ''
|
description = ''
|
||||||
Path to the file containing the KSK public key.
|
Path to the file containing the KSK public key.
|
||||||
|
|
@ -133,16 +130,16 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dnssec.keys.private = mkOption {
|
dnssec.keys.private = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
default = defaultFiles.private;
|
default = defaultFiles.private;
|
||||||
description = ''
|
description = ''
|
||||||
Path to the file containing the KSK private key.
|
Path to the file containing the KSK private key.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dnssec.keys.zonePublic = mkOption {
|
dnssec.keys.zonePublic = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
default = defaultFiles.zonePublic;
|
default = defaultFiles.zonePublic;
|
||||||
description = ''
|
description = ''
|
||||||
Path to the file containing the ZSK public key.
|
Path to the file containing the ZSK public key.
|
||||||
|
|
@ -154,18 +151,18 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
dnssec.keys.zonePrivate = mkOption {
|
dnssec.keys.zonePrivate = lib.mkOption {
|
||||||
type = types.path;
|
type = lib.types.path;
|
||||||
default = defaultFiles.zonePrivate;
|
default = defaultFiles.zonePrivate;
|
||||||
description = ''
|
description = ''
|
||||||
Path to the file containing the ZSK private key.
|
Path to the file containing the ZSK private key.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
settings = mkOption {
|
settings = lib.mkOption {
|
||||||
type = configType;
|
type = configType;
|
||||||
default = { };
|
default = { };
|
||||||
example = literalExpression ''
|
example = lib.literalExpression ''
|
||||||
{ # enable webserver
|
{ # enable webserver
|
||||||
ncdns.httplistenaddr = ":8202";
|
ncdns.httplistenaddr = ":8202";
|
||||||
|
|
||||||
|
|
@ -186,8 +183,8 @@ in
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.pdns-recursor.resolveNamecoin = mkOption {
|
services.pdns-recursor.resolveNamecoin = lib.mkOption {
|
||||||
type = types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = ''
|
description = ''
|
||||||
Resolve `.bit` top-level domains using ncdns and namecoin.
|
Resolve `.bit` top-level domains using ncdns and namecoin.
|
||||||
|
|
@ -199,9 +196,9 @@ in
|
||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveNamecoin {
|
services.pdns-recursor = lib.mkIf cfgs.pdns-recursor.resolveNamecoin {
|
||||||
forwardZonesRecurse.bit = "${cfg.address}:${toString cfg.port}";
|
forwardZonesRecurse.bit = "${cfg.address}:${toString cfg.port}";
|
||||||
luaConfig =
|
luaConfig =
|
||||||
if cfg.dnssec.enable
|
if cfg.dnssec.enable
|
||||||
|
|
@ -210,7 +207,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
# Avoid pdns-recursor not finding the DNSSEC keys
|
# Avoid pdns-recursor not finding the DNSSEC keys
|
||||||
systemd.services.pdns-recursor = mkIf cfgs.pdns-recursor.resolveNamecoin {
|
systemd.services.pdns-recursor = lib.mkIf cfgs.pdns-recursor.resolveNamecoin {
|
||||||
after = [ "ncdns.service" ];
|
after = [ "ncdns.service" ];
|
||||||
wants = [ "ncdns.service" ];
|
wants = [ "ncdns.service" ];
|
||||||
};
|
};
|
||||||
|
|
@ -231,7 +228,7 @@ in
|
||||||
# Other
|
# Other
|
||||||
bind = "${cfg.address}:${toString cfg.port}";
|
bind = "${cfg.address}:${toString cfg.port}";
|
||||||
}
|
}
|
||||||
// optionalAttrs cfg.dnssec.enable
|
// lib.optionalAttrs cfg.dnssec.enable
|
||||||
{ # DNSSEC
|
{ # DNSSEC
|
||||||
publickey = "../.." + cfg.dnssec.keys.public;
|
publickey = "../.." + cfg.dnssec.keys.public;
|
||||||
privatekey = "../.." + cfg.dnssec.keys.private;
|
privatekey = "../.." + cfg.dnssec.keys.private;
|
||||||
|
|
@ -263,7 +260,7 @@ in
|
||||||
ExecStart = "${pkgs.ncdns}/bin/ncdns -conf=${configFile}";
|
ExecStart = "${pkgs.ncdns}/bin/ncdns -conf=${configFile}";
|
||||||
};
|
};
|
||||||
|
|
||||||
preStart = optionalString (cfg.dnssec.enable && needsKeygen) ''
|
preStart = lib.optionalString (cfg.dnssec.enable && needsKeygen) ''
|
||||||
cd ${dataDir}
|
cd ${dataDir}
|
||||||
if [ ! -e bit.key ]; then
|
if [ ! -e bit.key ]; then
|
||||||
${pkgs.bind}/bin/dnssec-keygen -a RSASHA256 -3 -b 2048 bit
|
${pkgs.bind}/bin/dnssec-keygen -a RSASHA256 -3 -b 2048 bit
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue