nixos/dnscache: add module
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
jerith666 committed Sep 20, 2017
1 parent ab851b6 commit 1b7e5ea
Showing 2 changed files with 87 additions and 0 deletions.
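--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -419,6 +419,7 @@
 ./services/networking/ddclient.nix
 ./services/networking/dhcpcd.nix
 ./services/networking/dhcpd.nix
+./services/networking/dnscache.nix
 ./services/networking/dnschain.nix
 ./services/networking/dnscrypt-proxy.nix
 ./services/networking/dnscrypt-wrapper.nix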
86 changes: 86 additions & 0 deletions nixos/modules/services/networking/dnscache.nix
@@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:

with lib;

let
cfg = config.services.dnscache;

dnscache-root = pkgs.runCommand "dnscache-root" {} ''
mkdir -p $out/{servers,ip}
${concatMapStrings (ip: ''
echo > "$out/ip/"${lib.escapeShellArg ip}
'') cfg.clientIps}
${concatStrings (mapAttrsToList (host: ips: ''
${concatMapStrings (ip: ''
echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
'') ips}
'') cfg.domainServers)}
# djbdns contains an outdated list of root servers;
# if one was not provided in config, provide a current list
if [ ! -e servers/@ ]; then
awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@


peterhoeg Sep 26, 2017

Member

Why not fix up the list of root servers at the time of building the package rather than when configuring it?


jerith666 Sep 26, 2017

Author Contributor

good point, will investigate doing so.


jerith666 Oct 13, 2017

Author Contributor

I opened #30379 for this.

fi
'';

in {

###### interface

options = {
services.dnscache = {
enable = mkOption {
default = false;
type = types.bool;
description = "Whether to run the dnscache caching dns server";
};

ip = mkOption {
default = "0.0.0.0";
type = types.str;
description = "IP address on which to listen for connections";
};

clientIps = mkOption {
default = [ "127.0.0.1" ];
type = types.listOf types.str;
description = "client IP addresses (or prefixes) from which to accept connections";
example = ["192.168" "172.23.75.82"];
};

domainServers = mkOption {
default = { };
type = types.attrsOf (types.listOf types.str);
description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
example = {
"example.com" = ["8.8.8.8" "8.8.4.4"];
};
};
};
};

###### implementation

config = mkIf config.services.dnscache.enable {
environment.systemPackages = [ pkgs.djbdns ];
users.extraUsers.dnscache = {};

systemd.services.dnscache = {
description = "djbdns dnscache server";
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ bash daemontools djbdns ];
preStart = ''
rm -rf /var/lib/dnscache
dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}
rm -rf /var/lib/dnscache/root
ln -sf ${dnscache-root} /var/lib/dnscache/root
'';
script = ''
cd /var/lib/dnscache/
exec ./run
'';
};
};
}
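Review bot: In the `dnscache-root` derivation, `echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}` truncates the file on every iteration, so a domain listed with several servers (as in the `domainServers` example) ends up with only the last IP; the line should append with `>>`. The root-server fallback just below tests `[ ! -e servers/@ ]` relative to the build's working directory rather than `$out`, so it always runs and overwrites a user-supplied `"@"` entry; the check should read `if [ ! -e "$out/servers/@" ]; then`. Both defects mean the authoritative-server list dnscache actually forwards to can silently differ from what the operator configured, which is hard to notice until resolution goes to the wrong server. Separately, `${config.services.dnscache.ip}` in `preStart` is interpolated unquoted while every other operator-supplied value in the file goes through `lib.escapeShellArg`; `${lib.escapeShellArg cfg.ip}` keeps that consistent.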
