commit f7d49037a48846e025dd3d8f2ecb47f499431ee8 · pyrox.dev/nixpkgs

+116 -59

nixos/modules/services/networking/dnschain.nix

···

       3
        
       with lib;

     

       4
        
       

     

       5
        
       let

     

       6
       -
         cfg = config.services;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       7
        
       

     

       8
       -
         dnschainConf = pkgs.writeText "dnschain.conf" ''

     

       9
        
           [log]

     

       10
       -
           level=info

     

       11
        
       

     

       12
        
           [dns]

     

       13
       -
           host = 127.0.0.1

     

       14
       -
           port = 5333

     

       15
        
           oldDNSMethod = NO_OLD_DNS

     

       16
       -
           # TODO: check what that address is acutally used for

     

       17
       -
           externalIP = 127.0.0.1

     

       18
        
       

     

       19
        
           [http]

     

       20
       -
           host = 127.0.0.1

     

       21
       -
           port=8088

     

       22
       -
           tlsPort=4443

     

       0
        
       
     

       0
        
       
     

       23
        
         '';

     

       24
        
       

     

       25
        
       in

     
···

       32
        
       

     

       33
        
           services.dnschain = {

     

       34
        
       

     

       35
       -
             enable = mkOption {

     

       36
       -
               type = types.bool;

     

       37
       -
               default = false;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       38
        
               description = ''

     

       39
       -
                 Whether to run dnschain. That implies running

     

       40
       -
                 namecoind as well, so make sure to configure

     

       41
       -
                 it appropriately.

     

       42
        
               '';

     

       43
        
             };

     

       44
        
       

     

       45
       -
           };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       46
        
       

     

       47
       -
           services.dnsmasq = {

     

       48
       -
             resolveDnschainQueries = mkOption {

     

       49
       -
               type = types.bool;

     

       50
       -
               default = false;

     

       51
        
               description = ''

     

       52
       -
                 Resolve <literal>.bit</literal> top-level domains

     

       53
       -
                 with dnschain and namecoind.

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       54
        
               '';

     

       55
        
             };

     

       56
        
       

     

       57
        
           };

     

       58
        
       

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       59
        
         };

     

       60
        
       

     

       61
        
       

     

       62
        
         ###### implementation

     

       63
        
       

     

       64
       -
         config = mkIf cfg.dnschain.enable {

     

       65
        
       

     

       66
       -
           services.namecoind.enable = true;

     

       67
       -
       

     

       68
       -
           services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];

     

       0
        
       
     

       69
        
       

     

       70
       -
           users.extraUsers = singleton

     

       71
       -
             { name = "dnschain";

     

       72
       -
               uid = config.ids.uids.dnschain;

     

       73
       -
               extraGroups = [ "namecoin" ];

     

       74
       -
               description = "Dnschain daemon user";

     

       75
       -
               home = "/var/lib/dnschain";

     

       76
       -
               createHome = true;

     

       77
        
             };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       78
        
       

     

       79
        
           systemd.services.dnschain = {

     

       80
       -
               description = "Dnschain Daemon";

     

       81
       -
               after = [ "namecoind.target" ];

     

       82
       -
               wantedBy = [ "multi-user.target" ];

     

       83
       -
               path = [ pkgs.openssl ];

     

       84
       -
               preStart = ''

     

       85
       -
                 # Link configuration file into dnschain HOME directory

     

       86
       -
                 if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then

     

       87
       -
                     rm -rf /var/lib/dnschain/.dnschain.conf

     

       88
       -
                     ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf

     

       89
       -
                 fi

     

       90
        
       

     

       91
       -
                 # Create empty namecoin.conf so that dnschain is not

     

       92
       -
                 # searching for /etc/namecoin/namecoin.conf

     

       93
       -
                 if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then

     

       94
       -
                     mkdir -p /var/lib/dnschain/.namecoin

     

       95
       -
                     touch /var/lib/dnschain/.namecoin/namecoin.conf

     

       96
       -
                 fi

     

       97
       -
               '';

     

       98
       -
               serviceConfig = {

     

       99
       -
                 Type = "simple";

     

       100
       -
                 User = "dnschain";

     

       101
       -
                 EnvironmentFile = config.services.namecoind.userFile;

     

       102
       -
                 ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";

     

       103
       -
                 ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

     

       104
       -
                 ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";

     

       105
       -
               };

     

       106
        
           };

     

       107
        
       

     

       108
        
         };

···

       3
        
       with lib;

     

       4
        
       

     

       5
        
       let

     

       6
       +
         cfgs = config.services;

     

       7
       +
         cfg  = cfgs.dnschain;

     

       8
       +
       

     

       9
       +
         dataDir  = "/var/lib/dnschain";

     

       10
       +
         username = "dnschain";

     

       11
        
       

     

       12
       +
         configFile = pkgs.writeText "dnschain.conf" ''

     

       13
        
           [log]

     

       14
       +
           level = info

     

       15
        
       

     

       16
        
           [dns]

     

       17
       +
           host = ${cfg.dns.address}

     

       18
       +
           port = ${toString cfg.dns.port}

     

       19
        
           oldDNSMethod = NO_OLD_DNS

     

       20
       +
           externalIP = ${cfg.dns.address}

     

       0
        
       
     

       21
        
       

     

       22
        
           [http]

     

       23
       +
           host = ${cfg.api.hostname}

     

       24
       +
           port = ${toString cfg.api.port}

     

       25
       +
           tlsPort = ${toString cfg.api.tlsPort}

     

       26
       +
       

     

       27
       +
           ${cfg.extraConfig}

     

       28
        
         '';

     

       29
        
       

     

       30
        
       in

     
···

       37
        
       

     

       38
        
           services.dnschain = {

     

       39
        
       

     

       40
       +
             enable = mkEnableOption ''

     

       41
       +
               DNSChain, a blockchain based DNS + HTTP server.

     

       42
       +
               To resolve .bit domains set <literal>services.namecoind.enable = true;</literal>

     

       43
       +
               and an RPC username/password.

     

       44
       +
             '';

     

       45
       +
       

     

       46
       +
             dns.address = mkOption {

     

       47
       +
               type = types.str;

     

       48
       +
               default = "127.0.0.1";

     

       49
        
               description = ''

     

       50
       +
                 The IP address that will be used to reach this machine.

     

       51
       +
                 Leave this unchanged if you do not wish to directly expose the DNSChain resolver.

     

       0
        
       
     

       52
        
               '';

     

       53
        
             };

     

       54
        
       

     

       55
       +
             dns.port = mkOption {

     

       56
       +
               type = types.int;

     

       57
       +
               default = 5333;

     

       58
       +
               description = ''

     

       59
       +
                 The port the DNSChain resolver will bind to.

     

       60
       +
               '';

     

       61
       +
             };

     

       62
        
       

     

       63
       +
             api.hostname = mkOption {

     

       64
       +
               type = types.str;

     

       65
       +
               default = "0.0.0.0";

     

       0
        
       
     

       66
        
               description = ''

     

       67
       +
                 The hostname (or IP address) the DNSChain API server will bind to.

     

       68
       +
               '';

     

       69
       +
             };

     

       70
       +
       

     

       71
       +
             api.port = mkOption {

     

       72
       +
               type = types.int;

     

       73
       +
               default = 8080;

     

       74
       +
               description = ''

     

       75
       +
                 The port the DNSChain API server (HTTP) will bind to.

     

       76
       +
               '';

     

       77
       +
             };

     

       78
       +
       

     

       79
       +
             api.tlsPort = mkOption {

     

       80
       +
               type = types.int;

     

       81
       +
               default = 4433;

     

       82
       +
               description = ''

     

       83
       +
                 The port the DNSChain API server (HTTPS) will bind to.

     

       84
       +
               '';

     

       85
       +
             };

     

       86
       +
       

     

       87
       +
             extraConfig = mkOption {

     

       88
       +
               type = types.lines;

     

       89
       +
               default = "";

     

       90
       +
               example = ''

     

       91
       +
                 [log]

     

       92
       +
                 level = debug

     

       93
       +
               '';

     

       94
       +
               description = ''

     

       95
       +
                 Additional options that will be appended to the configuration file.

     

       96
        
               '';

     

       97
        
             };

     

       98
        
       

     

       99
        
           };

     

       100
        
       

     

       101
       +
           services.dnsmasq.resolveDNSChainQueries = mkOption {

     

       102
       +
             type = types.bool;

     

       103
       +
             default = false;

     

       104
       +
             description = ''

     

       105
       +
               Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.

     

       106
       +
             '';

     

       107
       +
           };

     

       108
       +
       

     

       109
       +
           services.pdns-recursor.resolveDNSChainQueries = mkOption {

     

       110
       +
             type = types.bool;

     

       111
       +
             default = false;

     

       112
       +
             description = ''

     

       113
       +
               Resolve <literal>.bit</literal> top-level domains using DNSChain and namecoin.

     

       114
       +
             '';

     

       115
       +
           };

     

       116
       +
       

     

       117
        
         };

     

       118
        
       

     

       119
        
       

     

       120
        
         ###### implementation

     

       121
        
       

     

       122
       +
         config = mkIf cfg.enable {

     

       123
        
       

     

       124
       +
           services.dnsmasq.servers = optionals cfgs.dnsmasq.resolveDNSChainQueries

     

       125
       +
             [ "/.bit/127.0.0.1#${toString cfg.dns.port}"

     

       126
       +
               "/.dns/127.0.0.1#${toString cfg.dns.port}"

     

       127
       +
             ];

     

       128
        
       

     

       129
       +
           services.pdns-recursor.forwardZones = mkIf cfgs.pdns-recursor.resolveDNSChainQueries

     

       130
       +
             { bit = "127.0.0.1:${toString cfg.dns.port}";

     

       131
       +
               dns = "127.0.0.1:${toString cfg.dns.port}";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       132
        
             };

     

       133
       +
       

     

       134
       +
           users.extraUsers = singleton {

     

       135
       +
             name = username;

     

       136
       +
             description = "DNSChain daemon user";

     

       137
       +
             home = dataDir;

     

       138
       +
             createHome = true;

     

       139
       +
             uid = config.ids.uids.dnschain;

     

       140
       +
             extraGroups = optional cfgs.namecoind.enable "namecoin";

     

       141
       +
           };

     

       142
        
       

     

       143
        
           systemd.services.dnschain = {

     

       144
       +
             description = "DNSChain daemon";

     

       145
       +
             after    = optional cfgs.namecoind.enable "namecoind.target";

     

       146
       +
             wantedBy = [ "multi-user.target" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       147
        
       

     

       148
       +
             serviceConfig = {

     

       149
       +
               User = "dnschain";

     

       150
       +
               Restart = "on-failure";

     

       151
       +
               ExecStart = "${pkgs.dnschain}/bin/dnschain";

     

       152
       +
             };

     

       153
       +
       

     

       154
       +
             preStart = ''

     

       155
       +
               # Link configuration file into dnschain home directory

     

       156
       +
               configPath=${dataDir}/.dnschain/dnschain.conf

     

       157
       +
               mkdir -p ${dataDir}/.dnschain

     

       158
       +
               if [ "$(realpath $configPath)" != "${configFile}" ]; then

     

       159
       +
                 rm -f $configPath

     

       160
       +
                 ln -s ${configFile} $configPath

     

       161
       +
               fi

     

       162
       +
             '';

     

       163
        
           };

     

       164
        
       

     

       165
        
         };