mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-24 16:03:23 +00:00
6930dd3dee
Previously, the blocky package was hardcoded to the one in pkgs. This change allows to set it, so the user can configure the blocky service to run blocky from nixpkgs-unstable, for example.
44 lines
1.1 KiB
Nix
44 lines
1.1 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
cfg = config.services.blocky;
|
|
|
|
format = pkgs.formats.yaml { };
|
|
configFile = format.generate "config.yaml" cfg.settings;
|
|
in
|
|
{
|
|
options.services.blocky = {
|
|
enable = mkEnableOption "blocky, a fast and lightweight DNS proxy as ad-blocker for local network with many features";
|
|
|
|
package = mkPackageOption pkgs "blocky" { };
|
|
|
|
settings = mkOption {
|
|
type = format.type;
|
|
default = { };
|
|
description = ''
|
|
Blocky configuration. Refer to
|
|
<https://0xerr0r.github.io/blocky/configuration/>
|
|
for details on supported values.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.blocky = {
|
|
description = "A DNS proxy and ad-blocker for the local network";
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
serviceConfig = {
|
|
DynamicUser = true;
|
|
ExecStart = "${getExe cfg.package} --config ${configFile}";
|
|
Restart = "on-failure";
|
|
|
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
|
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
|
|
};
|
|
};
|
|
};
|
|
}
|