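# NixOS module for GoDNS, a dynamic DNS client.
#
# Declares `services.godns.*` options and, when enabled, a systemd unit that
# runs GoDNS against a YAML config generated from `services.godns.settings`.
#
# Security note: the generated config file lives in the Nix store, which is
# readable by every local user. API tokens and passwords therefore must not be
# written into `settings`; they are meant to be handed over via
# `loadCredential` and referenced from the config by file path.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    mkPackageOption
    types
    ;

  cfg = config.services.godns;

  settingsFormat = pkgs.formats.yaml { };

  # Rendered from cfg.settings into the (world-readable) Nix store.
  configFile = settingsFormat.generate "config.yaml" cfg.settings;
in
{
  options.services.godns = {
    enable = mkEnableOption "GoDNS service";

    package = mkPackageOption pkgs "godns" { };

    settings = mkOption {
      # Free-form: any key accepted by the YAML format is passed through
      # unchanged; this module does not validate GoDNS-specific keys.
      type = types.submodule {
        freeformType = settingsFormat.type;
      };

      description = ''
        Configuration for GoDNS. Refer to the [configuration section][1] in the
        GoDNS GitHub repository for details.

        These settings are written to a file in the world-readable Nix store.
        Do not put secrets here; pass them with
        {option}`services.godns.loadCredential` and point a file-based setting
        such as `login_token_file` at the loaded credential.

        [1]: https://github.com/TimothyYe/godns?tab=readme-ov-file#configuration
      '';

      example = {
        provider = "Cloudflare";
        # NOTE(review): this value is written to the YAML file verbatim, so it
        # only works if GoDNS expands $CREDENTIALS_DIRECTORY itself - confirm;
        # otherwise use the absolute path under the unit's credentials directory.
        login_token_file = "$CREDENTIALS_DIRECTORY/login_token";
        domains = [
          {
            domain_name = "example.com";
            sub_domains = [ "foo" ];
          }
        ];
        ipv6_urls = [
          "https://api6.ipify.org"
          "https://ip2location.io/ip"
          "https://v6.ipinfo.io/ip"
        ];
        ip_type = "IPv6";
        interval = 300;
      };
    };

    # Entries are forwarded unchanged to systemd's LoadCredential= (see
    # serviceConfig below), so each one uses systemd's "ID:PATH" form.
    # The type is a list of strings: give PATH as a string, since a Nix path
    # literal would be copied into the store and defeat the purpose.
    loadCredential = mkOption {
      type = types.listOf types.str;
      default = [ ];
      example = [ "login_token:/path/to/login_token" ];
      description = ''
        This can be used to pass secrets to the systemd service without adding
        them to the nix store.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.godns = {
      description = "GoDNS service";
      wantedBy = [ "multi-user.target" ];
      # NOTE(review): network.target does not wait for connectivity; the
      # Restart settings below make the unit retry if GoDNS exits early.
      # Consider network-online.target if start-up failures show up in logs.
      after = [ "network.target" ];
      serviceConfig = {
        # Run as a transient unprivileged user allocated by systemd rather
        # than root or a static account.
        DynamicUser = true;
        ExecStart = "${lib.getExe cfg.package} -c ${configFile}";
        # Secrets are exposed to the service through systemd's credentials
        # directory instead of the Nix store.
        LoadCredential = cfg.loadCredential;
        Restart = "always";
        RestartSec = "2s";
      };
    };
  };

  meta.maintainers = [ lib.maintainers.michaelvanstraten ];
}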