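# NixOS module for the CoreDNS server: declares `services.coredns.*` options
# and, when enabled, renders the Corefile and a hardened systemd unit.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.coredns;

  # The Corefile is rendered into the Nix store, so it is world-readable on
  # the host: secrets must never be inlined into `cfg.config`.
  configFile = pkgs.writeText "Corefile" cfg.config;
in
{
  options.services.coredns = {
    enable = lib.mkEnableOption "Coredns dns server";

    config = lib.mkOption {
      default = "";
      example = ''
        . {
          whoami
        }
      '';
      type = lib.types.lines;
      description = ''
        Verbatim Corefile to use.
        See <https://coredns.io/manual/toc/#configuration> for details.

        The file is written to the world-readable Nix store, so it must not
        contain secrets (credentials, keys, tokens).
      '';
    };

    package = lib.mkPackageOption pkgs "coredns" { };

    extraArgs = lib.mkOption {
      default = [ ];
      example = [ "-dns.port=53" ];
      type = lib.types.listOf lib.types.str;
      description = "Extra arguments to pass to coredns.";
    };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.coredns = {
      description = "Coredns dns server";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # PermissionsStartOnly is intentionally absent: it is deprecated in
        # systemd and only affects ExecStartPre/ExecStartPost, neither of
        # which this unit defines.
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Only the capability needed to bind port 53 is retained; it is
        # granted ambiently because the process runs as an unprivileged
        # dynamic user rather than root.
        CapabilityBoundingSet = "cap_net_bind_service";
        AmbientCapabilities = "cap_net_bind_service";
        NoNewPrivileges = true;
        DynamicUser = true;
        # extraArgs are shell-escaped so user-supplied flags cannot break out
        # of the argument list in the ExecStart line.
        ExecStart = "${lib.getBin cfg.package}/bin/coredns -conf=${configFile} ${lib.escapeShellArgs cfg.extraArgs}";
        # Reload is a SIGUSR1 to the main process; CoreDNS re-reads its
        # Corefile on that signal instead of restarting.
        ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID";
        Restart = "on-failure";
      };
    };
  };
}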