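# NixOS module for RouteDNS (https://github.com/folbricht/routedns).
#
# Exposes `services.routedns.{enable,settings,configFile,package}` and, when
# enabled, runs RouteDNS as a hardened systemd service under a dynamic user.
{
  config,
  lib,
  pkgs,
  ...
}:

with lib;

let
  cfg = config.services.routedns;
  # TOML is RouteDNS's native configuration format; `settingsFormat` gives us
  # both the option type and the generator for the on-disk file.
  settingsFormat = pkgs.formats.toml { };
in
{
  options.services.routedns = {
    enable = mkEnableOption "RouteDNS - DNS stub resolver, proxy and router";

    # Free-form attribute set mirroring the RouteDNS TOML configuration.
    settings = mkOption {
      type = settingsFormat.type;
      example = literalExpression ''
        {
          resolvers.cloudflare-dot = {
            address = "1.1.1.1:853";
            protocol = "dot";
          };
          groups.cloudflare-cached = {
            type = "cache";
            resolvers = ["cloudflare-dot"];
          };
          listeners.local-udp = {
            address = "127.0.0.1:53";
            protocol = "udp";
            resolver = "cloudflare-cached";
          };
          listeners.local-tcp = {
            address = "127.0.0.1:53";
            protocol = "tcp";
            resolver = "cloudflare-cached";
          };
        }
      '';
      description = ''
        Configuration for RouteDNS, see <https://github.com/folbricht/routedns/blob/master/doc/configuration.md>
        for more information.
      '';
    };

    # Path handed to the daemon on its command line.  The default is rendered
    # from `settings` into the Nix store, which is world-readable on the host:
    # keep credentials out of `settings` and point `configFile` at a file
    # outside the store if the configuration must contain secrets.
    configFile = mkOption {
      default = settingsFormat.generate "routedns.toml" cfg.settings;
      defaultText = "A RouteDNS configuration file automatically generated by values from services.routedns.*";
      type = types.path;
      example = literalExpression ''"''${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"'';
      description = "Path to RouteDNS TOML configuration file.";
    };

    package = mkPackageOption pkgs "routedns" { };
  };

  config = mkIf cfg.enable {
    systemd.services.routedns = {
      description = "RouteDNS - DNS stub resolver, proxy and router";
      after = [ "network.target" ]; # in case a bootstrap resolver is used, this might fail a few times until the respective server is actually reachable
      wantedBy = [ "multi-user.target" ];
      wants = [ "network.target" ];
      # Allow a handful of quick restarts (see Restart/RestartSec below) while
      # upstream resolvers come up, without looping forever.
      startLimitIntervalSec = 30;
      startLimitBurst = 5;
      serviceConfig = {
        Restart = "on-failure";
        RestartSec = "5s";
        LimitNPROC = 512;
        LimitNOFILE = 1048576;
        # Transient unprivileged user; systemd additionally applies its
        # DynamicUser sandboxing defaults (private /tmp, read-only system
        # tree, ...) for such units.
        DynamicUser = true;
        # Binding privileged listener ports (e.g. 53) needs exactly one
        # capability.  Bound the set the process may ever hold to the same
        # value so the ambient grant cannot be widened, e.g. via a
        # file-capability-bearing helper.
        AmbientCapabilities = "CAP_NET_BIND_SERVICE";
        CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
        NoNewPrivileges = true;
        # `-l 4` selects the daemon's log verbosity.
        ExecStart = "${getBin cfg.package}/bin/routedns -l 4 ${cfg.configFile}";
      };
    };
  };
  meta.maintainers = with maintainers; [ jsimonetti ];
}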