# NixOS module for the PowerDNS authoritative name server.
#
# The text of `services.powerdns.extraConfig` is written to the Nix store as
# `<store-path>/pdns.conf`.  Without `secretFile`, pdns_server reads that
# directory directly.  With `secretFile`, the store copy is only a template:
# an ExecStartPre step runs envsubst over it with the variables from that
# file and writes the expanded result to /run/pdns/pdns.conf, which is then
# handed to pdns_server as its config-dir.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkEnableOption mkOption mkIf optional types;

  cfg = config.services.powerdns;

  # Template configuration in the Nix store.  The store is world-readable,
  # so nothing secret may be placed in extraConfig itself.
  storeConfigDir = pkgs.writeTextDir "pdns.conf" cfg.extraConfig;

  usesSecrets = cfg.secretFile != null;

  # Directory pdns_server actually reads from: the store copy when no secrets
  # are involved, otherwise the runtime directory that receives the envsubst
  # output.  /run/pdns itself is not created by this module; it is expected to
  # come from the upstream unit pulled in via systemd.packages (presumably a
  # RuntimeDirectory= setting) — confirm against the pkgs.pdns service file.
  runtimeConfigDir = "/run/pdns";
  activeConfigDir = if usesSecrets then runtimeConfigDir else storeConfigDir;

  # Expands $VAR / ${VAR} references in the store template using the unit's
  # environment (populated from `secretFile` through EnvironmentFile).  The
  # expanded file contains the secrets in clear text, so umask 077 makes it
  # readable only by the user the unit runs as.
  renderConfig = pkgs.writeShellScript "pdns-pre-start" ''
    umask 077
    ${pkgs.envsubst}/bin/envsubst -i "${storeConfigDir}/pdns.conf" > ${activeConfigDir}/pdns.conf
  '';
in
{
  options.services.powerdns = {
    enable = mkEnableOption (lib.mdDoc "PowerDNS domain name server");

    extraConfig = mkOption {
      type = types.lines;
      default = "launch=bind";
      description = lib.mdDoc ''
        PowerDNS configuration. Refer to
        <https://doc.powerdns.com/authoritative/settings.html>
        for details on supported values.
      '';
    };

    # NOTE: `types.path` also accepts a Nix path literal such as
    # ./powerdns.env; a literal is copied into the world-readable store at
    # evaluation time, which defeats the purpose of this option.  Give the
    # location as an absolute string, as in the example, so the file stays
    # outside the store.
    secretFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/keys/powerdns.env";
      description = lib.mdDoc ''
        Environment variables from this file will be interpolated into the
        final config file using envsubst with this syntax: `$ENVIRONMENT`
        or `''${VARIABLE}`.
        The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
        This is useful to avoid putting secrets into the nix store.
      '';
    };
  };

  config = mkIf cfg.enable {
    users.groups.pdns = {};

    users.users.pdns = {
      isSystemUser = true;
      group = "pdns";
      description = "PowerDNS";
    };

    # Brings in the pdns.service unit shipped with the package; the settings
    # below only override parts of it.
    systemd.packages = [ pkgs.pdns ];

    systemd.services.pdns = {
      wantedBy = [ "multi-user.target" ];
      # Backends that a configured launch= module may talk to.
      after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ];

      serviceConfig = {
        # EnvironmentFile applies to every Exec* step of the unit, so the
        # variables from secretFile are present in pdns_server's own
        # environment as well as in the envsubst step that needs them.
        EnvironmentFile = optional usesSecrets cfg.secretFile;
        ExecStartPre = optional usesSecrets renderConfig;
        # The leading "" clears the ExecStart inherited from the upstream
        # unit so that only this command line runs.
        ExecStart = [ "" "${pkgs.pdns}/bin/pdns_server --config-dir=${activeConfigDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no" ];
      };
    };
  };
}