Merge pull request #78392 from Mic92/kresd-doh

knot-resolver: add doh support
This commit is contained in:
Jörg Thalheim 2020-01-24 10:31:20 +00:00 committed by GitHub
commit 40e51d2092
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 6 deletions

View File

@ -56,6 +56,7 @@ in {
package = mkOption {
type = types.package;
default = pkgs.knot-dns;
defaultText = "pkgs.knot-dns";
description = ''
Which Knot DNS package to use
'';
@ -92,4 +93,3 @@ in {
environment.systemPackages = [ knot-cli-wrappers ];
};
}

View File

@ -5,12 +5,15 @@ with lib;
let
cfg = config.services.kresd;
package = pkgs.knot-resolver;
configFile = pkgs.writeText "kresd.conf" ''
${optionalString (cfg.listenDoH != []) "modules.load('http')"}
${cfg.extraConfig};
'';
configFile = pkgs.writeText "kresd.conf" cfg.extraConfig;
in
{
package = pkgs.knot-resolver.override {
extraFeatures = cfg.listenDoH != [];
};
in {
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
imports = [
@ -67,6 +70,15 @@ in
For detailed syntax see ListenStream in man systemd.socket.
'';
};
listenDoH = mkOption {
type = with types; listOf str;
default = [];
example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
description = ''
Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
For detailed syntax see ListenStream in man systemd.socket.
'';
};
# TODO: perhaps options for more common stuff like cache size or forwarding
};
@ -104,6 +116,18 @@ in
};
};
systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
partOf = [ "kresd.socket" ];
listenStreams = cfg.listenDoH;
socketConfig = {
FileDescriptorName = "doh";
FreeBind = true;
Service = "kresd.service";
};
};
systemd.sockets.kresd-control = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;