
This avoids restarting the postgresql server, when only ensureDatabases or ensureUsers have been changed. It will also allow to properly wait for recovery to finish later. To wait for "postgresql is ready" in other services, we now provide a postgresql.target. Resolves #400018 Co-authored-by: Marcel <me@m4rc3l.de>
# NixOS module for the PowerDNS authoritative server (`services.powerdns`).
#
# The text of `extraConfig` is always rendered into a directory in the Nix
# store. When `secretFile` is set, a pre-start script passes that rendered
# file through envsubst and the server reads the result from /run/pdns, so
# the substituted values are written at service start, not at build time.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    optional
    types
    ;

  cfg = config.services.powerdns;

  # True when the operator supplied an environment file with secrets.
  useSecrets = cfg.secretFile != null;

  # Store copy of the configuration exactly as written in `extraConfig`.
  # Store paths are world-readable, so with `secretFile` in use this text
  # should carry only `$NAME` / `${NAME}` placeholders, never the values.
  configDir = pkgs.writeTextDir "pdns.conf" cfg.extraConfig;

  # Directory handed to pdns_server: the store copy when there is nothing to
  # substitute, otherwise the runtime directory filled by the pre-start script.
  # NOTE(review): nothing in this module creates /run/pdns; presumably the unit
  # shipped by pkgs.pdns (see systemd.packages below) provides it - confirm.
  finalConfigDir = if useSecrets then "/run/pdns" else configDir;
in
{
  options.services.powerdns = {
    enable = mkEnableOption "PowerDNS domain name server";

    extraConfig = mkOption {
      type = types.lines;
      default = "launch=bind";
      description = ''
        PowerDNS configuration. Refer to
        <https://doc.powerdns.com/authoritative/settings.html>
        for details on supported values.
      '';
    };

    # Path to a KEY=VALUE file read at service start. For the option to serve
    # its purpose the file has to live outside the Nix store, as in the
    # example under /run/keys.
    secretFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/keys/powerdns.env";
      description = ''
        Environment variables from this file will be interpolated into the
        final config file using envsubst with this syntax: `$ENVIRONMENT`
        or `''${VARIABLE}`.
        The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
        This is useful to avoid putting secrets into the nix store.
      '';
    };
  };

  config = mkIf cfg.enable {

    # /etc/pdns points at whichever directory the server actually reads.
    environment.etc.pdns.source = finalConfigDir;

    # Pull in the unit file shipped with the package; the attribute set below
    # only overrides parts of it.
    systemd.packages = [ pkgs.pdns ];

    systemd.services.pdns = {
      wantedBy = [ "multi-user.target" ];

      # Ordering only: nothing here requests that these units be started.
      after = [
        "network.target"
        "mysql.service"
        "postgresql.target"
        "openldap.service"
      ];

      serviceConfig = {
        # systemd loads this file into the environment of the unit's
        # commands, which is where envsubst below finds the values.
        EnvironmentFile = optional useSecrets cfg.secretFile;

        # Render the final config with secrets filled in.
        #  - `umask 077` keeps the generated file unreadable for group/other.
        #  - envsubst is called without a list of variable names, so any
        #    `$NAME` / `${NAME}` occurring in extraConfig is subject to
        #    substitution, not just the names defined in secretFile.
        #    NOTE(review): a literal `$` that PowerDNS should see verbatim
        #    would need checking against envsubst's behaviour - confirm.
        ExecStartPre = optional useSecrets (
          pkgs.writeShellScript "pdns-pre-start" ''
            umask 077
            ${pkgs.envsubst}/bin/envsubst -i "${configDir}/pdns.conf" > ${finalConfigDir}/pdns.conf
          ''
        );

        # The empty first entry clears the ExecStart of the packaged unit so
        # that the command line below replaces it instead of being appended.
        ExecStart = [
          ""
          "${pkgs.pdns}/bin/pdns_server --config-dir=${finalConfigDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no"
        ];
      };
    };

    # Dedicated system account and group for the daemon.
    users.groups.pdns = { };

    users.users.pdns = {
      isSystemUser = true;
      group = "pdns";
      description = "PowerDNS";
    };

  };
}