Diffstat (limited to 'nixos/modules/services/networking/dnsdist.nix')
-rw-r--r-- | nixos/modules/services/networking/dnsdist.nix | 29 |
1 files changed, 11 insertions, 18 deletions
diff --git a/nixos/modules/services/networking/dnsdist.nix b/nixos/modules/services/networking/dnsdist.nix
index 8249da69bc1..c7c6a79864c 100644
--- a/nixos/modules/services/networking/dnsdist.nix
+++ b/nixos/modules/services/networking/dnsdist.nix
@@ -4,10 +4,10 @@ with lib;
 let
 cfg = config.services.dnsdist;
- configFile = pkgs.writeText "dndist.conf" ''
+ configFile = pkgs.writeText "dnsdist.conf" ''
 setLocal('${cfg.listenAddress}:${toString cfg.listenPort}')
 ${cfg.extraConfig}
- '';
+ '';
 in {
 options = {
 services.dnsdist = {
@@ -26,8 +26,7 @@ in {
 extraConfig = mkOption {
 type = types.lines;
- default = ''
- '';
+ default = "";
 description = ''
 Extra lines to be added verbatim to dnsdist.conf.
 '';
@@ -35,25 +34,19 @@ in {
 };
 };
- config = mkIf config.services.dnsdist.enable {
+ config = mkIf cfg.enable {
+ systemd.packages = [ pkgs.dnsdist ];
+
 systemd.services.dnsdist = {
- description = "dnsdist load balancer";
 wantedBy = [ "multi-user.target" ];
- after = ["network.target"];
+ startLimitIntervalSec = 0;
 serviceConfig = {
- Restart="on-failure";
- RestartSec="1";
 DynamicUser = true;
- StartLimitInterval="0";
- PrivateDevices=true;
- AmbientCapabilities="CAP_NET_BIND_SERVICE";
- CapabilityBoundingSet="CAP_NET_BIND_SERVICE";
- ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}";
- ProtectHome=true;
- RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
- LimitNOFILE="16384";
- TasksMax="8192";
+
+ # upstream overrides for better nixos compatibility
+ ExecStartPre = [ "" "${pkgs.dnsdist}/bin/dnsdist --check-config --config ${configFile}" ];
+ ExecStart = [ "" "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}" ];
 };
 };
 }; |
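Review bot: In the third hunk the new `serviceConfig` no longer states any of the sandboxing it used to carry (`PrivateDevices`, `ProtectHome`, `RestrictAddressFamilies`, `CapabilityBoundingSet`/`AmbientCapabilities`, `LimitNOFILE`, `TasksMax`). The confinement of this network-facing daemon now rests entirely on the unit pulled in by `systemd.packages = [ pkgs.dnsdist ];`, which is not visible on this page. With `DynamicUser = true` kept, binding a privileged listen port also presumably depends on that unit granting `CAP_NET_BIND_SERVICE`, so a package update that changes the shipped unit would silently change both. I would record that dependency next to the overrides, e.g. `# sandboxing and CAP_NET_BIND_SERVICE are inherited from the unit shipped in pkgs.dnsdist; re-check with systemd-analyze security after package bumps`. The existing comment should also explain the list form, e.g. `# the leading "" clears the upstream ExecStartPre/ExecStart before ours is set`.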