summary refs log tree commit diff
path: root/nixos/modules/services/networking/powerdns.nix
diff options
context:
space:
mode:
authorJörg Thalheim <joerg@higgsboson.tk>2016-09-17 23:30:27 +0200
committerJörg Thalheim <joerg@higgsboson.tk>2016-09-18 14:52:44 +0200
commitb0a1c0b343a037cd0f162a4e890a93f3c1cfe894 (patch)
tree7a6192acb1b3b4b56dc40180ba7bc0ee91481ff5 /nixos/modules/services/networking/powerdns.nix
parentb32252ddfa530ff67e297ff6ba9e5cb0f91a767a (diff)
downloadnixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar.gz
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar.bz2
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar.lz
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar.xz
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.tar.zst
nixpkgs-b0a1c0b343a037cd0f162a4e890a93f3c1cfe894.zip
powerdns: init at 4.0.1
fixes #18703
Diffstat (limited to 'nixos/modules/services/networking/powerdns.nix')
-rw-r--r--nixos/modules/services/networking/powerdns.nix50
1 files changed, 50 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/powerdns.nix b/nixos/modules/services/networking/powerdns.nix
new file mode 100644
index 00000000000..91ad63b8813
--- /dev/null
+++ b/nixos/modules/services/networking/powerdns.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.powerdns;
+  configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}";
+in {
+  options = {
+    services.powerdns = {
+      enable = mkEnableOption "Powerdns domain name server";
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "launch=bind";
+        description = ''
+          Extra lines to be added verbatim to pdns.conf.
+          Powerdns will chroot to /var/lib/powerdns.
+          So any file, powerdns is supposed to be read,
+          should be in /var/lib/powerdns and needs to specified
+          relative to the chroot.
+        '';
+      };
+    };
+  };
+
+  config = mkIf config.services.powerdns.enable {
+    systemd.services.pdns = {
+      unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
+      description = "Powerdns name server";
+      wantedBy = [ "multi-user.target" ];
+      after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
+
+      serviceConfig = {
+        Restart="on-failure";
+        RestartSec="1";
+        StartLimitInterval="0";
+        PrivateTmp=true;
+        PrivateDevices=true;
+        CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
+        NoNewPrivileges=true;
+        ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
+        ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
+        ProtectSystem="full";
+        ProtectHome=true;
+        RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
+      };
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 23:39:50 +0000