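# NixOS module for nixops-dns.
#
# Declares the `services.nixops-dns` options and, when enabled:
#   * a systemd unit that runs `nixops-dns --domain=.<domain>` as the
#     configured user, and
#   * (optionally) a dnsmasq instance that forwards queries for that domain
#     to 127.0.0.1#5300 and everything else to the normal resolvers.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  # Only the three lib functions used below are brought into scope, instead of
  # a file-wide `with lib;`, so every unqualified name has a visible origin.
  inherit (lib) mkIf mkOption types;

  pkg = pkgs.nixops-dns;
  cfg = config.services.nixops-dns;
in

{
  options = {
    services.nixops-dns = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the nixops-dns resolution
          of NixOps virtual machines via dnsmasq and fake domain name.
        '';
      };

      # No default is declared, so this has to be set explicitly whenever the
      # service is enabled.
      # NOTE(review): per the description this is the account that owns the
      # `.nixops` directory, so the daemon runs with read access to that
      # account's deployment state. Treat the unit as holding those privileges.
      user = mkOption {
        type = types.str;
        description = ''
          The user the nixops-dns daemon should run as.
          This should be the user, which is also used for nixops and
          have the .nixops directory in its home.
        '';
      };

      # NOTE(review): the value is spliced unquoted into ExecStart and into the
      # dnsmasq `server` rule below. systemd splits ExecStart on whitespace and
      # expands `%` specifiers and `$` variables, so this should stay a plain
      # DNS label; `types.str` does not enforce that.
      domain = mkOption {
        type = types.str;
        description = ''
          Fake domain name to resolve to NixOps virtual machines.

          For example "ops" will resolve "vm.ops".
        '';
        default = "ops";
      };

      dnsmasq = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Enable dnsmasq forwarding to nixops-dns. This allows to use
          nixops-dns for `services.nixops-dns.domain` resolution
          while forwarding the rest of the queries to original resolvers.
        '';
      };

    };
  };

  config = mkIf cfg.enable {
    systemd.services.nixops-dns = {
      description = "nixops-dns: DNS server for resolving NixOps machines";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        # NOTE(review): no systemd sandboxing is set on this unit. Options such
        # as NoNewPrivileges or ProtectSystem look applicable, but anything
        # that hides or write-protects the user's home (ProtectHome, a strict
        # ProtectSystem) must be checked against the daemon's access to
        # ~/.nixops before it is enabled.
        ExecStart = "${pkg}/bin/nixops-dns --domain=.${cfg.domain}";
      };
    };

    # Side effect worth knowing: with the default `dnsmasq = true`, enabling
    # nixops-dns also enables dnsmasq on the host and makes it the local
    # resolver (`resolveLocalQueries`).
    services.dnsmasq = mkIf cfg.dnsmasq {
      enable = true;
      resolveLocalQueries = true;
      settings = {
        # Forward only the fake domain to the local nixops-dns instance
        # (presumably listening on port 5300; its listen address is not set in
        # this module). This was `services.dnsmasq.servers`, which the dnsmasq
        # module renamed to `settings.server`; using the current name avoids
        # relying on the rename alias.
        server = [
          "/${cfg.domain}/127.0.0.1#5300"
        ];
        # Bind dnsmasq to loopback only so the forwarder is not reachable from
        # other hosts.
        bind-interfaces = true;
        listen-address = "127.0.0.1";
      };
    };

  };
}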