mirror of
https://github.com/NixOS/nixpkgs.git
Merge pull request #78392 from Mic92/kresd-doh
knot-resolver: add doh support
commit
40e51d2092
@ -56,6 +56,7 @@ in {
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.knot-dns;
|
||||
defaultText = "pkgs.knot-dns";
|
||||
description = ''
|
||||
Which Knot DNS package to use
|
||||
'';
|
||||
@ -92,4 +93,3 @@ in {
|
||||
environment.systemPackages = [ knot-cli-wrappers ];
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -5,12 +5,15 @@ with lib;
|
||||
let
|
||||
|
||||
cfg = config.services.kresd;
|
||||
package = pkgs.knot-resolver;
|
||||
configFile = pkgs.writeText "kresd.conf" ''
|
||||
${optionalString (cfg.listenDoH != []) "modules.load('http')"}
|
||||
${cfg.extraConfig};
|
||||
'';
|
||||
|
||||
configFile = pkgs.writeText "kresd.conf" cfg.extraConfig;
|
||||
in
|
||||
|
||||
{
|
||||
package = pkgs.knot-resolver.override {
|
||||
extraFeatures = cfg.listenDoH != [];
|
||||
};
|
||||
in {
|
||||
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
||||
|
||||
imports = [
|
||||
@ -67,6 +70,15 @@ in
|
||||
For detailed syntax see ListenStream in man systemd.socket.
|
||||
'';
|
||||
};
|
||||
listenDoH = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [];
|
||||
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
|
||||
description = ''
|
||||
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
|
||||
For detailed syntax see ListenStream in man systemd.socket.
|
||||
'';
|
||||
};
|
||||
# TODO: perhaps options for more common stuff like cache size or forwarding
|
||||
};
|
||||
|
||||
@ -104,6 +116,18 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
before = wantedBy;
|
||||
partOf = [ "kresd.socket" ];
|
||||
listenStreams = cfg.listenDoH;
|
||||
socketConfig = {
|
||||
FileDescriptorName = "doh";
|
||||
FreeBind = true;
|
||||
Service = "kresd.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.sockets.kresd-control = rec {
|
||||
wantedBy = [ "sockets.target" ];
|
||||
before = wantedBy;
|
||||
|
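Review bot: The `listenDoH` description cites RFC 7858, which specifies DNS over TLS; DNS over HTTPS is RFC 8484, so the line should read `Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 8484).` The option also adds no certificate or key setting, so the description should say that TLS credentials for the `http` module have to be supplied through `extraConfig`; as far as I know the module otherwise serves an ephemeral self-signed certificate, which validating DoH clients will reject. In the `configFile` lines of the same section, the `;` after `${cfg.extraConfig}` looks unintended and may leave a bare `;` statement in kresd.conf when `extraConfig` is empty, so it is worth confirming that the Lua parser kresd uses accepts it. The `+`/`-` markers are lost on this page, so which of the two `configFile` and `package` definitions is the new side is inferred from the commit title.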