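# NixOS module for the CoreDNS server: exposes
# services.coredns.{enable,config,package} and, when enabled, defines a
# systemd unit that runs coredns as a transient unprivileged user.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.coredns;

  # The Corefile is rendered into the Nix store, which is world-readable on
  # the host: anything placed in `services.coredns.config` (upstream
  # credentials, plugin API keys, ...) becomes visible to every local user.
  # Reference secrets from files outside the store instead of inlining them.
  configFile = pkgs.writeText "Corefile" cfg.config;
in {
  options.services.coredns = {
    enable = mkEnableOption "Coredns dns server";

    # Verbatim Corefile contents; see the note on `configFile` above.
    config = mkOption {
      default = "";
      example = ''
        . {
          whoami
        }
      '';
      type = types.lines;
      description = "Verbatim Corefile to use. See <link xlink:href=\"https://coredns.io/manual/toc/#configuration\"/> for details.";
    };

    package = mkOption {
      default = pkgs.coredns;
      defaultText = "pkgs.coredns";
      type = types.package;
      description = "Coredns package to use.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.coredns = {
      description = "Coredns dns server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Runs as a transient user (DynamicUser); the only capability kept
        # is the one needed to bind the privileged DNS port (< 1024).
        CapabilityBoundingSet = "cap_net_bind_service";
        AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        DynamicUser = true;
        ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile}";
        # SIGUSR1 triggers coredns' in-process config reload.  The reload
        # command runs as the same dynamic user as the main process, which
        # may signal its own PID, so no root escalation is needed here
        # (the deprecated PermissionsStartOnly=true, which made ExecReload
        # run as root, has been dropped for that reason).
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
        Restart = "on-failure";
      };
    };
  };
}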