···

       
230
       
230
       
 
       
      shout = 206;

     

       
231
       
231
       
 
       
      gateone = 207;

     

       
232
       
232
       
 
       
      namecoin = 208;

     

       
233
       
233
       
+
       
      dnschain = 209;

     

       
233
       
234
       
 
       


     

       
234
       
235
       
 
       
      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!

     

       
235
       
236
       
 
       


     
···

       
438
       
439
       
 
       
      #shout = 206; #unused

     

       
439
       
440
       
 
       
      gateone = 207;

     

       
440
       
441
       
 
       
      namecoin = 208;

     

       
442
       
442
       
+
       
      #dnschain = 209; #unused

     

       
441
       
443
       
 
       


     

       
442
       
444
       
 
       
      # When adding a gid, make sure it doesn't match an existing

     

       
443
       
445
       
 
       
      # uid. Users and groups with the same name should have equal

     

···

       
275
       
275
       
 
       
  ./services/networking/ddclient.nix

     

       
276
       
276
       
 
       
  ./services/networking/dhcpcd.nix

     

       
277
       
277
       
 
       
  ./services/networking/dhcpd.nix

     

       
278
       
278
       
+
       
  ./services/networking/dnschain.nix

     

       
278
       
279
       
 
       
  ./services/networking/dnscrypt-proxy.nix

     

       
279
       
280
       
 
       
  ./services/networking/dnsmasq.nix

     

       
280
       
281
       
 
       
  ./services/networking/docker-registry-server.nix

     

···

       
1
       
1
       
+
       
{ config, lib, pkgs, ... }:

     

       
2
       
2
       
+
       


     

       
3
       
3
       
+
       
with lib;

     

       
4
       
4
       
+
       


     

       
5
       
5
       
+
       
let

     

       
6
       
6
       
+
       
  cfg = config.services;

     

       
7
       
7
       
+
       


     

       
8
       
8
       
+
       
  dnschainConf = pkgs.writeText "dnschain.conf" ''

     

       
9
       
9
       
+
       
    [log]

     

       
10
       
10
       
+
       
    level=info

     

       
11
       
11
       
+
       


     

       
12
       
12
       
+
       
    [dns]

     

       
13
       
13
       
+
       
    host = 127.0.0.1

     

       
14
       
14
       
+
       
    port = 5333

     

       
15
       
15
       
+
       
    oldDNSMethod = NO_OLD_DNS

     

       
16
       
16
       
+
       
    # TODO: check what that address is acutally used for

     

       
17
       
17
       
+
       
    externalIP = 127.0.0.1

     

       
18
       
18
       
+
       


     

       
19
       
19
       
+
       
    [http]

     

       
20
       
20
       
+
       
    host = 127.0.0.1

     

       
21
       
21
       
+
       
    port=8088

     

       
22
       
22
       
+
       
    tlsPort=4443

     

       
23
       
23
       
+
       
  '';

     

       
24
       
24
       
+
       


     

       
25
       
25
       
+
       
in

     

       
26
       
26
       
+
       


     

       
27
       
27
       
+
       
{

     

       
28
       
28
       
+
       


     

       
29
       
29
       
+
       
  ###### interface

     

       
30
       
30
       
+
       


     

       
31
       
31
       
+
       
  options = {

     

       
32
       
32
       
+
       


     

       
33
       
33
       
+
       
    services.dnschain = {

     

       
34
       
34
       
+
       


     

       
35
       
35
       
+
       
      enable = mkOption {

     

       
36
       
36
       
+
       
        type = types.bool;

     

       
37
       
37
       
+
       
        default = false;

     

       
38
       
38
       
+
       
        description = ''

     

       
39
       
39
       
+
       
          Whether to run dnschain. That implies running

     

       
40
       
40
       
+
       
          namecoind as well, so make sure to configure

     

       
41
       
41
       
+
       
          it appropriately.

     

       
42
       
42
       
+
       
        '';

     

       
43
       
43
       
+
       
      };

     

       
44
       
44
       
+
       


     

       
45
       
45
       
+
       
    };

     

       
46
       
46
       
+
       


     

       
47
       
47
       
+
       
    services.dnsmasq = {

     

       
48
       
48
       
+
       
      resolveDnschainQueries = mkOption {

     

       
49
       
49
       
+
       
        type = types.bool;

     

       
50
       
50
       
+
       
        default = false;

     

       
51
       
51
       
+
       
        description = ''

     

       
52
       
52
       
+
       
          Resolve <literal>.bit</literal> top-level domains

     

       
53
       
53
       
+
       
          with dnschain and namecoind.

     

       
54
       
54
       
+
       
        '';

     

       
55
       
55
       
+
       
      };

     

       
56
       
56
       
+
       


     

       
57
       
57
       
+
       
    };

     

       
58
       
58
       
+
       


     

       
59
       
59
       
+
       
  };

     

       
60
       
60
       
+
       


     

       
61
       
61
       
+
       


     

       
62
       
62
       
+
       
  ###### implementation

     

       
63
       
63
       
+
       


     

       
64
       
64
       
+
       
  config = mkIf cfg.dnschain.enable {

     

       
65
       
65
       
+
       


     

       
66
       
66
       
+
       
    services.namecoind.enable = true;

     

       
67
       
67
       
+
       


     

       
68
       
68
       
+
       
    services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];

     

       
69
       
69
       
+
       


     

       
70
       
70
       
+
       
    users.extraUsers = singleton

     

       
71
       
71
       
+
       
      { name = "dnschain";

     

       
72
       
72
       
+
       
        uid = config.ids.uids.dnschain;

     

       
73
       
73
       
+
       
        extraGroups = [ "namecoin" ];

     

       
74
       
74
       
+
       
        description = "Dnschain daemon user";

     

       
75
       
75
       
+
       
        home = "/var/lib/dnschain";

     

       
76
       
76
       
+
       
        createHome = true;

     

       
77
       
77
       
+
       
      };

     

       
78
       
78
       
+
       


     

       
79
       
79
       
+
       
    systemd.services.dnschain = {

     

       
80
       
80
       
+
       
        description = "Dnschain Daemon";

     

       
81
       
81
       
+
       
        after = [ "namecoind.target" ];

     

       
82
       
82
       
+
       
        wantedBy = [ "multi-user.target" ];

     

       
83
       
83
       
+
       
        path = [ pkgs.openssl ];

     

       
84
       
84
       
+
       
        preStart = ''

     

       
85
       
85
       
+
       
          # Link configuration file into dnschain HOME directory

     

       
86
       
86
       
+
       
          if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then

     

       
87
       
87
       
+
       
              rm -rf /var/lib/dnschain/.dnschain.conf

     

       
88
       
88
       
+
       
              ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf

     

       
89
       
89
       
+
       
          fi

     

       
90
       
90
       
+
       


     

       
91
       
91
       
+
       
          # Create empty namecoin.conf so that dnschain is not

     

       
92
       
92
       
+
       
          # searching for /etc/namecoin/namecoin.conf

     

       
93
       
93
       
+
       
          if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then

     

       
94
       
94
       
+
       
              mkdir -p /var/lib/dnschain/.namecoin

     

       
95
       
95
       
+
       
              touch /var/lib/dnschain/.namecoin/namecoin.conf

     

       
96
       
96
       
+
       
          fi

     

       
97
       
97
       
+
       
        '';

     

       
98
       
98
       
+
       
        serviceConfig = {

     

       
99
       
99
       
+
       
          Type = "simple";

     

       
100
       
100
       
+
       
          User = "dnschain";

     

       
101
       
101
       
+
       
          EnvironmentFile = config.services.namecoind.userFile;

     

       
102
       
102
       
+
       
          ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";

     

       
103
       
103
       
+
       
          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

     

       
104
       
104
       
+
       
          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";

     

       
105
       
105
       
+
       
        };

     

       
106
       
106
       
+
       
    };

     

       
107
       
107
       
+
       


     

       
108
       
108
       
+
       
  };

     

       
109
       
109
       
+
       


     

       
110
       
110
       
+
       
}