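# NixOS module for the CoreDNS DNS server (services.coredns).
#
# The daemon runs as a transient unprivileged user (DynamicUser) and is granted
# only cap_net_bind_service, the one capability it needs to listen on a
# privileged port such as 53 without running as root.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.coredns;

  # The Corefile is written into the Nix store, which is world-readable.
  # Anything placed in `services.coredns.config` is therefore visible to every
  # local user; secrets should be referenced from files outside the store
  # rather than embedded verbatim.
  configFile = pkgs.writeText "Corefile" cfg.config;
in
{
  options.services.coredns = {
    enable = lib.mkEnableOption "Coredns dns server";

    # Verbatim Corefile contents; see the description for the upstream reference.
    config = lib.mkOption {
      default = "";
      example = ''
        . {
          whoami
        }
      '';
      type = lib.types.lines;
      description = ''
        Verbatim Corefile to use.
        See <https://coredns.io/manual/toc/#configuration> for details.
      '';
    };

    package = lib.mkPackageOption pkgs "coredns" { };

    # Additional command-line flags appended after `-conf=...`.
    extraArgs = lib.mkOption {
      default = [ ];
      example = [ "-dns.port=53" ];
      type = lib.types.listOf lib.types.str;
      description = "Extra arguments to pass to coredns.";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.coredns = {
      description = "Coredns dns server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # PermissionsStartOnly is intentionally omitted: it is deprecated in
        # systemd and only affects ExecStartPre/ExecStartPost, of which this
        # unit has none.
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Bound the capability set to the single capability needed to bind
        # privileged ports; AmbientCapabilities hands it to the unprivileged
        # DynamicUser process without setuid binaries or file capabilities.
        CapabilityBoundingSet = "cap_net_bind_service";
        AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        DynamicUser = true;
        # escapeShellArgs quotes each element of extraArgs so a value containing
        # whitespace or quotes survives systemd's command-line splitting as one
        # argument instead of being re-tokenised.
        ExecStart = "${lib.getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}";
        # `systemctl reload` delivers SIGUSR1 to the main coredns process.
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
        Restart = "on-failure";
      };
    };
  };
}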