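{ config, lib, pkgs, ... }:

let
  cfg = config.services.coredns;

  # The Corefile is materialised with pkgs.writeText, i.e. it becomes a path in
  # the Nix store. The store is world-readable, so nothing secret may be placed
  # in services.coredns.config (see the option description below).
  configFile = pkgs.writeText "Corefile" cfg.config;
in
{
  options.services.coredns = {
    enable = lib.mkEnableOption (lib.mdDoc "Coredns dns server");

    config = lib.mkOption {
      default = "";
      example = ''
        . {
          whoami
        }
      '';
      type = lib.types.lines;
      description = lib.mdDoc ''
        Verbatim Corefile to use.
        See <https://coredns.io/manual/toc/#configuration> for details.

        The Corefile is written to the world-readable Nix store, so it must
        not contain secrets (credentials, API tokens, private keys). Keep
        such material in a file with restricted permissions outside the
        store and reference it by path from the plugin configuration.
      '';
    };

    package = lib.mkOption {
      default = pkgs.coredns;
      defaultText = lib.literalExpression "pkgs.coredns";
      type = lib.types.package;
      description = lib.mdDoc "Coredns package to use.";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.coredns = {
      description = "Coredns dns server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # PermissionsStartOnly was dropped: it is deprecated and, with no
        # ExecStartPre/ExecStartPost directives here, it had no effect.
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Binding the privileged DNS port (53 < 1024) is the only capability
        # CoreDNS needs; the bounding set drops everything else and
        # NoNewPrivileges prevents regaining any via setuid/fscaps binaries.
        CapabilityBoundingSet = "cap_net_bind_service";
        AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        # Run as a transient, unprivileged user. Per systemd.exec(5),
        # DynamicUser=yes also implies ProtectSystem=strict,
        # ProtectHome=read-only, PrivateTmp=yes and RestrictSUIDSGID=yes, so
        # the process already gets a read-only view of the filesystem.
        DynamicUser = true;
        # Further sandboxing; none of these resources are needed to serve DNS.
        # Filesystem access is deliberately left as DynamicUser implies it so
        # plugins such as `file`/`auto` can still read zone files anywhere.
        PrivateDevices = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        LockPersonality = true;
        SystemCallArchitectures = "native";
        ExecStart = "${lib.getBin cfg.package}/bin/coredns -conf=${configFile}";
        # SIGUSR1 asks CoreDNS to gracefully reload its Corefile. Note that
        # the Corefile path is fixed in ExecStart: a change to
        # services.coredns.config yields a new unit file, so NixOS restarts
        # the service rather than reloading it; reload mainly matters for
        # files the Corefile references by path.
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
        Restart = "on-failure";
      };
    };
  };
}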