Diffstat (limited to 'nixpkgs/nixos/modules/services/networking/kresd.nix')
-rw-r--r--nixpkgs/nixos/modules/services/networking/kresd.nix34
1 files changed, 29 insertions, 5 deletions
diff --git a/nixpkgs/nixos/modules/services/networking/kresd.nix b/nixpkgs/nixos/modules/services/networking/kresd.nix
index 5eb50a13ca9..bb941e93e15 100644
--- a/nixpkgs/nixos/modules/services/networking/kresd.nix
+++ b/nixpkgs/nixos/modules/services/networking/kresd.nix
@@ -5,12 +5,15 @@ with lib;
let
cfg = config.services.kresd;
- package = pkgs.knot-resolver;
+ configFile = pkgs.writeText "kresd.conf" ''
+ ${optionalString (cfg.listenDoH != []) "modules.load('http')"}
+ ${cfg.extraConfig};
+ '';
- configFile = pkgs.writeText "kresd.conf" cfg.extraConfig;
-in
-
-{
+ package = pkgs.knot-resolver.override {
+ extraFeatures = cfg.listenDoH != [];
+ };
+in {
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
imports = [
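Review bot: The `;` appended after `${cfg.extraConfig}` in the new `configFile` text looks unintended. When `extraConfig` is empty or ends with a newline, the generated kresd.conf contains a line holding only `;`. Stock Lua 5.1 grammar rejects an empty statement, and whether the LuaJIT build used by the package accepts it is not visible here. Writing the line as `${cfg.extraConfig}` avoids depending on that. The module body opened by `in {` continues past the end of this hunk.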
@@ -67,6 +70,15 @@ in
For detailed syntax see ListenStream in man systemd.socket.
'';
};
+ listenDoH = mkOption {
+ type = with types; listOf str;
+ default = [];
+ example = [ "198.51.100.1:443" "[2001:db8::1]:443" "443" ];
+ description = ''
+ Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 7858).
+ For detailed syntax see ListenStream in man systemd.socket.
+ '';
+ };
# TODO: perhaps options for more common stuff like cache size or forwarding
};
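Review bot: The `listenDoH` description cites RFC 7858, which specifies DNS over TLS; DNS over HTTPS is RFC 8484. The sentence should read `Addresses and ports on which kresd should provide DNS over HTTPS (see RFC 8484).` The example binds non-loopback addresses on port 443, and nothing in this hunk restricts who may query the endpoint. The description could therefore add that access control is left to the firewall or to kresd's own configuration in `extraConfig`.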
@@ -104,6 +116,18 @@ in
};
};
+ systemd.sockets.kresd-doh = mkIf (cfg.listenDoH != []) rec {
+ wantedBy = [ "sockets.target" ];
+ before = wantedBy;
+ partOf = [ "kresd.socket" ];
+ listenStreams = cfg.listenDoH;
+ socketConfig = {
+ FileDescriptorName = "doh";
+ FreeBind = true;
+ Service = "kresd.service";
+ };
+ };
+
systemd.sockets.kresd-control = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
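Review bot: The new `kresd-doh` socket exposes an HTTPS endpoint, but no visible line of this diff lets the operator supply a TLS certificate and key. As far as I know, the http module then falls back to a self-signed certificate generated at startup, which DoH clients cannot validate, so the listener would look configured without giving authenticated transport. I would at least document this on the option, e.g. add to the `listenDoH` description `The certificate and key must be set through the http module's configuration in extraConfig; otherwise a self-signed certificate is used.` (wording to be confirmed against the kresd documentation). Dedicated options for the certificate paths would be a follow-up. The `kresd-control` definition at the end of the hunk continues outside it.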