nixos/modules/services/networking/dnsmasq.nix at 23.05-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / dnsmasq.nix
at 23.05-pre 3.3 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.dnsmasq;
  7  dnsmasq = pkgs.dnsmasq;
  8  stateDir = "/var/lib/dnsmasq";
  9
 10  dnsmasqConf = pkgs.writeText "dnsmasq.conf" ''
 11    dhcp-leasefile=${stateDir}/dnsmasq.leases
 12    ${optionalString cfg.resolveLocalQueries ''
 13      conf-file=/etc/dnsmasq-conf.conf
 14      resolv-file=/etc/dnsmasq-resolv.conf
 15    ''}
 16    ${flip concatMapStrings cfg.servers (server: ''
 17      server=${server}
 18    '')}
 19    ${cfg.extraConfig}
 20  '';
 21
 22in
 23
 24{
 25
 26  ###### interface
 27
 28  options = {
 29
 30    services.dnsmasq = {
 31
 32      enable = mkOption {
 33        type = types.bool;
 34        default = false;
 35        description = lib.mdDoc ''
 36          Whether to run dnsmasq.
 37        '';
 38      };
 39
 40      resolveLocalQueries = mkOption {
 41        type = types.bool;
 42        default = true;
 43        description = lib.mdDoc ''
 44          Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
 45          /etc/resolv.conf).
 46        '';
 47      };
 48
 49      servers = mkOption {
 50        type = types.listOf types.str;
 51        default = [];
 52        example = [ "8.8.8.8" "8.8.4.4" ];
 53        description = lib.mdDoc ''
 54          The DNS servers which dnsmasq should query.
 55        '';
 56      };
 57
 58      alwaysKeepRunning = mkOption {
 59        type = types.bool;
 60        default = false;
 61        description = lib.mdDoc ''
 62          If enabled, systemd will always respawn dnsmasq even if shut down manually. The default, disabled, will only restart it on error.
 63        '';
 64      };
 65
 66      extraConfig = mkOption {
 67        type = types.lines;
 68        default = "";
 69        description = lib.mdDoc ''
 70          Extra configuration directives that should be added to
 71          `dnsmasq.conf`.
 72        '';
 73      };
 74
 75    };
 76
 77  };
 78
 79
 80  ###### implementation
 81
 82  config = mkIf cfg.enable {
 83
 84    networking.nameservers =
 85      optional cfg.resolveLocalQueries "127.0.0.1";
 86
 87    services.dbus.packages = [ dnsmasq ];
 88
 89    users.users.dnsmasq = {
 90      isSystemUser = true;
 91      group = "dnsmasq";
 92      description = "Dnsmasq daemon user";
 93    };
 94    users.groups.dnsmasq = {};
 95
 96    networking.resolvconf = mkIf cfg.resolveLocalQueries {
 97      useLocalResolver = mkDefault true;
 98
 99      extraConfig = ''
100        dnsmasq_conf=/etc/dnsmasq-conf.conf
101        dnsmasq_resolv=/etc/dnsmasq-resolv.conf
102      '';
103    };
104
105    systemd.services.dnsmasq = {
106        description = "Dnsmasq Daemon";
107        after = [ "network.target" "systemd-resolved.service" ];
108        wantedBy = [ "multi-user.target" ];
109        path = [ dnsmasq ];
110        preStart = ''
111          mkdir -m 755 -p ${stateDir}
112          touch ${stateDir}/dnsmasq.leases
113          chown -R dnsmasq ${stateDir}
114          touch /etc/dnsmasq-{conf,resolv}.conf
115          dnsmasq --test
116        '';
117        serviceConfig = {
118          Type = "dbus";
119          BusName = "uk.org.thekelleys.dnsmasq";
120          ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
121          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
122          PrivateTmp = true;
123          ProtectSystem = true;
124          ProtectHome = true;
125          Restart = if cfg.alwaysKeepRunning then "always" else "on-failure";
126        };
127        restartTriggers = [ config.environment.etc.hosts.source ];
128    };
129  };
130}