authorEmery Hemingway <emery@vfemail.net>2014-04-20 11:16:36 -0400
committerEmery Hemingway <emery@vfemail.net>2014-05-29 09:59:55 -0400
commit0ddce8db12ad89d0c9a437128ad325322fd519e2 (patch)
tree615ef856d754910461b61fde7c75bbb7a9d9bef7 /nixos/modules/services/networking/unbound.nix
parent90602bc8a960c6e982cc5c1564b0bd3a580df058 (diff)
unbound: update from 1.4.21 to 1.4.22, service from Upstart to systemd
Diffstat (limited to 'nixos/modules/services/networking/unbound.nix')
-rw-r--r--nixos/modules/services/networking/unbound.nix103
1 files changed, 45 insertions, 58 deletions
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 30ce4b49fa8..415ff13bdda 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -18,25 +18,25 @@ let
     "forward-zone:\n  name: .\n" +
     concatMapStrings (x: "  forward-addr: ${x}\n") cfg.forwardAddresses;
 
-  confFile = pkgs.writeText "unbound.conf"
-    ''
-      server:
-        directory: "${stateDir}"
-        username: ${username}
-        # make sure unbound can access entropy from inside the chroot.
-        # e.g. on linux the use these commands (on BSD, devfs(8) is used):
-        #      mount --bind -n /dev/random /etc/unbound/dev/random
-        # and  mount --bind -n /dev/log /etc/unbound/dev/log
-        chroot: "${stateDir}"
-        # logfile: "${stateDir}/unbound.log"  #uncomment to use logfile.
-        pidfile: "${stateDir}/unbound.pid"
-        verbosity: 1      # uncomment and increase to get more logging.
-        # listen on all interfaces, answer queries from the local subnet.
+  confFile = pkgs.writeText "unbound.conf" ''
+    server:
+      directory: "${stateDir}"
+      username: ${username}
+      # make sure unbound can access entropy from inside the chroot.
+      # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+      #      mount --bind -n /dev/random /etc/unbound/dev/random
+      # and  mount --bind -n /dev/log /etc/unbound/dev/log
+      chroot: "${stateDir}"
+      # logfile: "${stateDir}/unbound.log"  #uncomment to use logfile.
+      pidfile: "${stateDir}/unbound.pid"
+      verbosity: 1      # uncomment and increase to get more logging.
       ${interfaces}
       ${access}
-      ${forward}
-      ${cfg.extraConfig}
-    '';
+
+    ${forward}
+
+    ${cfg.extraConfig}
+  '';
 
 in
 
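Review bot: The comment carried over at `# make sure unbound can access entropy from inside the chroot` still names `/etc/unbound/dev/random` and `/etc/unbound/dev/log`, while the `chroot:` directive right below it points at `${stateDir}`. Unless `stateDir` (defined outside this hunk) is `/etc/unbound`, those instructions send an operator to the wrong directory. Nothing in the visible diff makes those device nodes available inside the chroot, so this comment is the only hint that they are needed. I would reword it to `# unbound chroots into ${stateDir}; /dev/random and /dev/log must be reachable under ${stateDir}/dev` and drop the BSD aside.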
@@ -45,73 +45,60 @@ in
   ###### interface
 
   options = {
-
     services.unbound = {
 
       enable = mkOption {
-        default = false;
-        description = "
-          Whether to enable the Unbound domain name server.
-        ";
+	default = false;
+	description = "Whether to enable the Unbound domain name server.";
       };
 
       allowedAccess = mkOption {
-        default = ["127.0.0.0/24"];
-        description = "
-          What networks are allowed to use us as a resolver.
-        ";
+	default = ["127.0.0.0/24"];
+	description = "What networks are allowed to use unbound as a resolver.";
       };
 
       interfaces = mkOption {
-        default = [ "127.0.0.0" "::1" ];
-        description = "
-          What addresses the server should listen to.
-        ";
+	default = [ "127.0.0.1" "::1" ];
+	description = "What addresses the server should listen on.";
       };
 
       forwardAddresses = mkOption {
-        default = [ ];
-        description = "
-          What servers to forward the queries to.
-        ";
+	default = [ ];
+	description = "What servers to forward queries to.";
       };
 
       extraConfig = mkOption {
-        default = "";
-        description = "
-          Extra unbound config
-        ";
+	default = "";
+	description = "Extra lines of unbound config.";
       };
 
     };
-
   };
 
-
   ###### implementation
 
-  config = mkIf config.services.unbound.enable {
-    environment.systemPackages = [ pkgs.unbound ];
-
-    users.extraUsers = singleton
-      { name = username;
-        uid = config.ids.uids.unbound;
-        description = "unbound daemon user";
-        home = "/tmp";
-      };
+  config = mkIf cfg.enable {
 
-    jobs.unbound =
-      { description = "Unbound name server job";
+    environment.systemPackages = [ pkgs.unbound ];
 
-        preStart =
-          ''
-            ${pkgs.coreutils}/bin/mkdir -p ${stateDir}
-          '';
+    users.extraUsers = singleton {
+      name = username;
+      uid = config.ids.uids.unbound;
+      description = "unbound daemon user";
+      home = stateDir;
+      createHome = true;
+    };
 
-        daemonType = "fork";
+    systemd.services.unbound = {
+      description="Unbound recursive Domain Name Server";
+      after = [ "network.target" ];
+      before = [ "nss-lookup.target" ];
+      wants = [" nss-lookup.target" ];
+      wantedBy = [ "multi-user.target" ];
 
-        exec = "${pkgs.unbound}/sbin/unbound -c ${confFile}";
-      };
+      path = [ pkgs.unbound ];
+      serviceConfig.ExecStart = "${pkgs.unbound}/sbin/unbound -d -c ${confFile}";
+    };
 
   };
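Review bot: `wants = [" nss-lookup.target" ];` has a leading space inside the string, so the generated unit would ask for a unit literally named ` nss-lookup.target` rather than the target named in the `before` line above it; it should read `wants = [ "nss-lookup.target" ];`. Separately, the `allowedAccess` default stays at `"127.0.0.0/24"` on the new side, which covers only 127.0.0.0–127.0.0.255 and no IPv6 address, even though `interfaces` now defaults to listening on `::1`. If the intent is loopback-only access, `default = [ "127.0.0.0/8" "::1/128" ];` would state that, but this should be confirmed against how `access` is built, which is outside the hunk. The new `default`/`description` lines are also indented with tabs where the surrounding lines use spaces.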