authorPaul Colomiets <paul@colomiets.name>2014-07-03 01:59:35 +0300
committerWilliam A. Kennington III <william@wkennington.com>2014-08-28 11:39:03 -0700
commitadbb9ff7966c1c17588100d6afddda66eafc9453 (patch)
tree7110194f95ecfb7d938f230f0701221026dd3315 /nixos
parent1851efa1a7143b3f1fad4c4f1e046ff418f69d0e (diff)
dnsmasq: upgrade to 2.71, fixed dnsmasq module
* The module now has systemd config

* Add resolveLocalQueries option which sets it up as a DNS server for the
  local host (including reasonable setup of resolvconf)

* Add "dnsmasq" user for running daemon

* Enabled dbus and dnssec support for the package

Conflicts:
	nixos/modules/misc/ids.nix
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/config/networking.nix8
-rw-r--r--nixos/modules/misc/ids.nix1
-rw-r--r--nixos/modules/services/networking/dnsmasq.nix45
3 files changed, 44 insertions, 10 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index fd1e55f673a..136a5bda745 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -7,6 +7,9 @@ with lib;
 let
 
   cfg = config.networking;
+  dnsmasqResolve = config.services.dnsmasq.enable &&
+                   config.services.dnsmasq.resolveLocalQueries;
+  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
 
 in
 
@@ -74,9 +77,12 @@ in
             '' + optionalString cfg.dnsSingleRequest ''
               # only send one DNS request at a time
               resolv_conf_options='single-request'
-            '' + optionalString config.services.bind.enable ''
+            '' + optionalString hasLocalResolver ''
               # This hosts runs a full-blown DNS resolver.
               name_servers='127.0.0.1'
+            '' + optionalString dnsmasqResolve ''
+              dnsmasq_conf=/etc/dnsmasq-conf.conf
+              dnsmasq_resolv=/etc/dnsmasq-resolv.conf
             '';
       };
 
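Review bot: The two paths added in the `dnsmasqResolve` branch, `/etc/dnsmasq-conf.conf` and `/etc/dnsmasq-resolv.conf`, are repeated as literals in nixos/modules/services/networking/dnsmasq.nix, and nothing ties the two copies together. These files are written at run time by resolvconf, presumably from whatever name servers the network hands out, and the daemon then loads one of them as configuration via `conf-file=`, so that origin deserves a mention where the paths are defined. I would add a comment above the two assignments such as `# Written by resolvconf at run time; dnsmasq.nix reads the same paths via conf-file=/resolv-file=, keep them in sync.` The surrounding string concatenation starts outside the hunk.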
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 92ab241deaa..513da5d50a1 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -148,6 +148,7 @@
       riemanndash = 138;
       radvd = 139;
       zookeeper = 140;
+      dnsmasq = 141;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
index 8e38b9d017a..d2a8af6ac8b 100644
--- a/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixos/modules/services/networking/dnsmasq.nix
@@ -6,10 +6,12 @@ let
   cfg = config.services.dnsmasq;
   dnsmasq = pkgs.dnsmasq;
 
-  serversParam = concatMapStrings (s: "-S ${s} ") cfg.servers;
-
   dnsmasqConf = pkgs.writeText "dnsmasq.conf" ''
-    ${cfg.extraConfig}
+    ${optionalString cfg.resolveLocalQueries ''
+      conf-file=/etc/dnsmasq-conf.conf
+      resolv-file=/etc/dnsmasq-resolv.conf
+    ''}
+      ${cfg.extraConfig}
   '';
 
 in
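Review bot: Dropping `serversParam` leaves `services.dnsmasq.servers` without any consumer: the option is still declared further down, but neither the generated `dnsmasq.conf` nor the new `ExecStart` passes the list on, so configured upstream servers are silently ignored. The old command line also carried `-R`, so a host with `resolveLocalQueries = false` now presumably falls back to dnsmasq's default of reading /etc/resolv.conf, forwarding to whatever resolvers the network supplied rather than the ones the administrator pinned. The list should be emitted into the config, e.g. `${concatMapStrings (s: "server=${s}\n") cfg.servers}` on the line before `${cfg.extraConfig}`. The `let` block starts outside the hunk.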
@@ -29,6 +31,14 @@ in
         '';
       };
 
+      resolveLocalQueries = mkOption {
+        default = true;
+        description = ''
+          Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to
+          /etc/resolv.conf)
+        '';
+      };
+
       servers = mkOption {
         default = [];
         example = [ "8.8.8.8" "8.8.4.4" ];
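Review bot: `resolveLocalQueries` is declared without a `type` and defaults to `true`, so every existing configuration with `services.dnsmasq.enable = true` starts pointing /etc/resolv.conf at 127.0.0.1 after this commit, including hosts that run dnsmasq only for DHCP or for a single interface. Add `type = types.bool;` so a non-boolean value is rejected at evaluation time. The description should also say that enabling the option installs openresolv and makes dnsmasq load /etc/dnsmasq-conf.conf and /etc/dnsmasq-resolv.conf, since that is a change to the host's whole resolution path and not only to the daemon.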
@@ -37,6 +47,8 @@ in
         '';
       };
 
+
+
       extraConfig = mkOption {
         type = types.string;
         default = "";
@@ -55,16 +67,31 @@ in
 
   config = mkIf config.services.dnsmasq.enable {
 
-    jobs.dnsmasq =
-      { description = "dnsmasq daemon";
-
-        startOn = "ip-up";
+    environment.systemPackages = [ dnsmasq ]
+      ++ (if cfg.resolveLocalQueries then [ pkgs.openresolv ] else []);
 
-        daemonType = "daemon";
+    services.dbus.packages = [ dnsmasq ];
 
-        exec = "${dnsmasq}/bin/dnsmasq -R ${serversParam} -o -C ${dnsmasqConf}";
+    users.extraUsers = singleton
+      { name = "dnsmasq";
+        uid = config.ids.uids.dnsmasq;
+        description = "Dnsmasq daemon user";
+        home = "/var/empty";
       };
 
+    systemd.services.dnsmasq = {
+        description = "dnsmasq daemon";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          Type = "dbus";
+          BusName = "uk.org.thekelleys.dnsmasq";
+          ExecStartPre = "${dnsmasq}/bin/dnsmasq --test";
+          ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
+          ExecReload = "${dnsmasq}/bin/kill -HUP $MAINPID";
+        };
+    };
+
   };
 
 }
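Review bot: `ExecStartPre` runs `dnsmasq --test` without `-C ${dnsmasqConf}`, so it checks dnsmasq's default configuration file rather than the generated one that `ExecStart` loads, and a syntax error in `extraConfig` is not caught there. It should read `ExecStartPre = "${dnsmasq}/bin/dnsmasq --test -C ${dnsmasqConf}";`. `ExecReload` points at `${dnsmasq}/bin/kill`, which the dnsmasq package is unlikely to ship, so a reload would fail; `${pkgs.coreutils}/bin/kill -HUP $MAINPID` is the usual form. The daemon drops to `--user=dnsmasq`, but no group is defined for the new account, so it is worth confirming which group the process ends up in.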