diff options
author | Emery Hemingway <emery@vfemail.net> | 2014-04-20 11:16:36 -0400 |
---|---|---|
committer | Emery Hemingway <emery@vfemail.net> | 2014-05-29 09:59:55 -0400 |
commit | 0ddce8db12ad89d0c9a437128ad325322fd519e2 (patch) | |
tree | 615ef856d754910461b61fde7c75bbb7a9d9bef7 /nixos/modules/services/networking/unbound.nix | |
parent | 90602bc8a960c6e982cc5c1564b0bd3a580df058 (diff) | |
download | nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar.gz nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar.bz2 nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar.lz nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar.xz nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.tar.zst nixpkgs-0ddce8db12ad89d0c9a437128ad325322fd519e2.zip |
unbound: update from 1.4.21 to 1.4.22, service from Upstart to systemd
Diffstat (limited to 'nixos/modules/services/networking/unbound.nix')
-rw-r--r-- | nixos/modules/services/networking/unbound.nix | 103 |
1 files changed, 45 insertions, 58 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix index 30ce4b49fa8..415ff13bdda 100644 --- a/nixos/modules/services/networking/unbound.nix +++ b/nixos/modules/services/networking/unbound.nix @@ -18,25 +18,25 @@ let "forward-zone:\n name: .\n" + concatMapStrings (x: " forward-addr: ${x}\n") cfg.forwardAddresses; - confFile = pkgs.writeText "unbound.conf" - '' - server: - directory: "${stateDir}" - username: ${username} - # make sure unbound can access entropy from inside the chroot. - # e.g. on linux the use these commands (on BSD, devfs(8) is used): - # mount --bind -n /dev/random /etc/unbound/dev/random - # and mount --bind -n /dev/log /etc/unbound/dev/log - chroot: "${stateDir}" - # logfile: "${stateDir}/unbound.log" #uncomment to use logfile. - pidfile: "${stateDir}/unbound.pid" - verbosity: 1 # uncomment and increase to get more logging. - # listen on all interfaces, answer queries from the local subnet. + confFile = pkgs.writeText "unbound.conf" '' + server: + directory: "${stateDir}" + username: ${username} + # make sure unbound can access entropy from inside the chroot. + # e.g. on linux the use these commands (on BSD, devfs(8) is used): + # mount --bind -n /dev/random /etc/unbound/dev/random + # and mount --bind -n /dev/log /etc/unbound/dev/log + chroot: "${stateDir}" + # logfile: "${stateDir}/unbound.log" #uncomment to use logfile. + pidfile: "${stateDir}/unbound.pid" + verbosity: 1 # uncomment and increase to get more logging. ${interfaces} ${access} - ${forward} - ${cfg.extraConfig} - ''; + + ${forward} + + ${cfg.extraConfig} + ''; in @@ -45,73 +45,60 @@ in ###### interface options = { - services.unbound = { enable = mkOption { - default = false; - description = " - Whether to enable the Unbound domain name server. - "; + default = false; + description = "Whether to enable the Unbound domain name server."; }; allowedAccess = mkOption { - default = ["127.0.0.0/24"]; - description = " - What networks are allowed to use us as a resolver. - "; + default = ["127.0.0.0/24"]; + description = "What networks are allowed to use unbound as a resolver."; }; interfaces = mkOption { - default = [ "127.0.0.0" "::1" ]; - description = " - What addresses the server should listen to. - "; + default = [ "127.0.0.1" "::1" ]; + description = "What addresses the server should listen on."; }; forwardAddresses = mkOption { - default = [ ]; - description = " - What servers to forward the queries to. - "; + default = [ ]; + description = "What servers to forward queries to."; }; extraConfig = mkOption { - default = ""; - description = " - Extra unbound config - "; + default = ""; + description = "Extra lines of unbound config."; }; }; - }; - ###### implementation - config = mkIf config.services.unbound.enable { - environment.systemPackages = [ pkgs.unbound ]; - - users.extraUsers = singleton - { name = username; - uid = config.ids.uids.unbound; - description = "unbound daemon user"; - home = "/tmp"; - }; + config = mkIf cfg.enable { - jobs.unbound = - { description = "Unbound name server job"; + environment.systemPackages = [ pkgs.unbound ]; - preStart = - '' - ${pkgs.coreutils}/bin/mkdir -p ${stateDir} - ''; + users.extraUsers = singleton { + name = username; + uid = config.ids.uids.unbound; + description = "unbound daemon user"; + home = stateDir; + createHome = true; + }; - daemonType = "fork"; + systemd.services.unbound = { + description="Unbound recursive Domain Name Server"; + after = [ "network.target" ]; + before = [ "nss-lookup.target" ]; + wants = [" nss-lookup.target" ]; + wantedBy = [ "multi-user.target" ]; - exec = "${pkgs.unbound}/sbin/unbound -c ${confFile}"; - }; + path = [ pkgs.unbound ]; + serviceConfig.ExecStart = "${pkgs.unbound}/sbin/unbound -d -c ${confFile}"; + }; }; |