# NixOS module for the dnschain daemon.
#
# Declares `services.dnschain.enable` and
# `services.dnsmasq.resolveDnschainQueries`. When dnschain is enabled the
# module also enables namecoind, creates a dedicated `dnschain` user and
# installs a systemd unit that runs the daemon with a generated
# configuration file.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkOption optional types;

  svc = config.services;

  # Static dnschain configuration, written to the Nix store.
  # Both the DNS listener (port 5333) and the HTTP/TLS listeners
  # (8088/4443) are bound to 127.0.0.1, so nothing here is reachable
  # from other hosts. Port 5333 must stay in sync with the dnsmasq
  # forward rule in the implementation section.
  confFile = pkgs.writeText "dnschain.conf" ''
    [log]
    level=info

    [dns]
    host = 127.0.0.1
    port = 5333
    oldDNSMethod = NO_OLD_DNS
    # TODO: check what that address is acutally used for
    externalIP = 127.0.0.1

    [http]
    host = 127.0.0.1
    port=8088
    tlsPort=4443
  '';
in
{

  ###### interface

  options.services.dnschain.enable = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Whether to run dnschain. That implies running
      namecoind as well, so make sure to configure
      it appropriately.
    '';
  };

  options.services.dnsmasq.resolveDnschainQueries = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Resolve <literal>.bit</literal> top-level domains
      with dnschain and namecoind.
    '';
  };


  ###### implementation

  config = mkIf svc.dnschain.enable {

    # dnschain needs a namecoin node to query, so enabling it pulls in namecoind.
    services.namecoind.enable = true;

    # Only queries under .bit are forwarded to the local dnschain listener;
    # the list stays empty unless resolveDnschainQueries is set.
    services.dnsmasq.servers =
      optional svc.dnsmasq.resolveDnschainQueries "/.bit/127.0.0.1#5333";

    # Dedicated account for the daemon, with a fixed uid from config.ids.
    # Membership in "namecoin" presumably grants access to namecoind-owned
    # files -- confirm what that group can read before widening it.
    users.extraUsers = [
      {
        name = "dnschain";
        description = "Dnschain daemon user";
        uid = config.ids.uids.dnschain;
        extraGroups = [ "namecoin" ];
        home = "/var/lib/dnschain";
        createHome = true;
      }
    ];

    systemd.services.dnschain = {
      description = "Dnschain Daemon";
      wantedBy = [ "multi-user.target" ];
      # NOTE(review): ordering is against "namecoind.target"; confirm the
      # namecoind module really provides a unit of that name. If it only
      # defines a .service, this line does not order anything.
      after = [ "namecoind.target" ];
      # openssl is put on the unit's PATH; presumably dnschain calls it to
      # create the key/certificate for tlsPort -- TODO confirm.
      path = [ pkgs.openssl ];

      # Two idempotent setup steps inside the service's home directory:
      #  1. point ~/.dnschain.conf at the current store path of the
      #     generated configuration, replacing whatever is there when the
      #     resolved target differs;
      #  2. make sure an (empty) ~/.namecoin/namecoin.conf exists.
      preStart = ''
        # Link configuration file into dnschain HOME directory
        if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${confFile}" ]; then
          rm -rf /var/lib/dnschain/.dnschain.conf
          ln -s ${confFile} /var/lib/dnschain/.dnschain.conf
        fi

        # Create empty namecoin.conf so that dnschain is not
        # searching for /etc/namecoin/namecoin.conf
        if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
          mkdir -p /var/lib/dnschain/.namecoin
          touch /var/lib/dnschain/.namecoin/namecoin.conf
        fi
      '';

      serviceConfig = {
        Type = "simple";
        User = "dnschain";
        # The RPC credentials come from namecoind's userFile, which
        # presumably defines USER and PASSWORD. The backslash keeps Nix from
        # interpolating ''${...}, so systemd substitutes the values into
        # the command line at start.
        # NOTE(review): after substitution the RPC password is part of the
        # daemon's argv, which other local accounts can normally read from
        # the process list. If dnschain can take the credentials from a file
        # or the environment, prefer that and keep the file readable by the
        # service user only.
        EnvironmentFile = config.services.namecoind.userFile;
        # --rpcport=8336 has to match the port namecoind serves RPC on
        # (not visible in this module).
        ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
        # Reload sends SIGHUP to the main process.
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # Stop sends SIGKILL right away, so the daemon gets no chance to
        # shut down cleanly.
        ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
      };
    };

  };

}