Diffstat (limited to 'infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix')
-rw-r--r--infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix44
1 files changed, 13 insertions, 31 deletions
diff --git a/infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix b/infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
index 6ff181377fcc..a326eccfd65d 100644
--- a/infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
+++ b/infra/libkookie/nixpkgs/nixos/modules/services/networking/pdns-recursor.nix
@@ -3,9 +3,6 @@
with lib;
let
- dataDir = "/var/lib/pdns-recursor";
- username = "pdns-recursor";
-
cfg = config.services.pdns-recursor;
oneOrMore = type: with types; either type (listOf type);
@@ -21,7 +18,7 @@ let
else if builtins.isList val then (concatMapStringsSep "," serialize val)
else "";
- configFile = pkgs.writeText "recursor.conf"
+ configDir = pkgs.writeTextDir "recursor.conf"
(concatStringsSep "\n"
(flip mapAttrsToList cfg.settings
(name: val: "${name}=${serialize val}")));
@@ -173,45 +170,30 @@ in {
serve-rfc1918 = cfg.serveRFC1918;
lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig;
+ daemon = false;
+ write-pid = false;
log-timestamp = false;
disable-syslog = true;
};
- users.users.${username} = {
- home = dataDir;
- createHome = true;
- uid = config.ids.uids.pdns-recursor;
- description = "PowerDNS Recursor daemon user";
- };
+ systemd.packages = [ pkgs.pdns-recursor ];
systemd.services.pdns-recursor = {
- unitConfig.Documentation = "man:pdns_recursor(1) man:rec_control(1)";
- description = "PowerDNS recursive server";
wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
serviceConfig = {
- User = username;
- Restart ="on-failure";
- RestartSec = "5";
- PrivateTmp = true;
- PrivateDevices = true;
- AmbientCapabilities = "cap_net_bind_service";
- ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
- --config-dir=${dataDir} \
- --socket-dir=${dataDir}
- '';
+ ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ];
};
+ };
- preStart = ''
- # Link configuration file into recursor home directory
- configPath=${dataDir}/recursor.conf
- if [ "$(realpath $configPath)" != "${configFile}" ]; then
- rm -f $configPath
- ln -s ${configFile} $configPath
- fi
- '';
+ users.users.pdns-recursor = {
+ isSystemUser = true;
+ group = "pdns-recursor";
+ description = "PowerDNS Recursor daemon user";
};
+
+ users.groups.pdns-recursor = {};
+
};
imports = [
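Review bot: The new `serviceConfig` sets only `ExecStart`, so the service account and the sandboxing that the removed lines set explicitly (`User`, `PrivateTmp`, `PrivateDevices`, `AmbientCapabilities`) now come entirely from the unit pulled in through `systemd.packages = [ pkgs.pdns-recursor ]`, which this hunk does not show. If that packaged unit runs under a different account than the `pdns-recursor` user declared further down, or a later package version loosens its hardening, the module would follow silently. I would pin the account with `User = "pdns-recursor";` in `serviceConfig` and add a comment above `ExecStart` such as `# "" clears the packaged unit's ExecStart; User and sandboxing are inherited from that unit`. Dropping `--socket-dir` also leaves the control socket location to the recursor default or the packaged unit, so it is worth confirming that `rec_control` still finds it. The enclosing `config` attribute set starts outside the hunk.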