nixos/services.dnscrypt-wrapper: remove with lib;
parent
0846124d8b
commit
717fa0dea5
@ -1,6 +1,4 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.dnscrypt-wrapper;
|
cfg = config.services.dnscrypt-wrapper;
|
||||||
dataDir = "/var/lib/dnscrypt-wrapper";
|
dataDir = "/var/lib/dnscrypt-wrapper";
|
||||||
@ -40,7 +38,7 @@ let
|
|||||||
cd ${dataDir}
|
cd ${dataDir}
|
||||||
|
|
||||||
# generate provider keypair (first run only)
|
# generate provider keypair (first run only)
|
||||||
${optionalString (cfg.providerKey.public == null || cfg.providerKey.secret == null) ''
|
${lib.optionalString (cfg.providerKey.public == null || cfg.providerKey.secret == null) ''
|
||||||
if [ ! -f ${publicKey} ] || [ ! -f ${secretKey} ]; then
|
if [ ! -f ${publicKey} ] || [ ! -f ${secretKey} ]; then
|
||||||
dnscrypt-wrapper --gen-provider-keypair
|
dnscrypt-wrapper --gen-provider-keypair
|
||||||
fi
|
fi
|
||||||
@ -96,12 +94,12 @@ let
|
|||||||
sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy";
|
sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy";
|
||||||
};
|
};
|
||||||
|
|
||||||
configureFlags = optional stdenv.isLinux "--with-systemd";
|
configureFlags = lib.optional stdenv.isLinux "--with-systemd";
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook pkg-config ];
|
nativeBuildInputs = [ autoreconfHook pkg-config ];
|
||||||
|
|
||||||
# <ldns/ldns.h> depends on <openssl/ssl.h>
|
# <ldns/ldns.h> depends on <openssl/ssl.h>
|
||||||
buildInputs = [ libsodium openssl.dev ldns ] ++ optional stdenv.isLinux systemd;
|
buildInputs = [ libsodium openssl.dev ldns ] ++ lib.optional stdenv.isLinux systemd;
|
||||||
|
|
||||||
postInstall = ''
|
postInstall = ''
|
||||||
# Previous versions required libtool files to load plugins; they are
|
# Previous versions required libtool files to load plugins; they are
|
||||||
@ -112,9 +110,9 @@ let
|
|||||||
meta = {
|
meta = {
|
||||||
description = "A tool for securing communications between a client and a DNS resolver";
|
description = "A tool for securing communications between a client and a DNS resolver";
|
||||||
homepage = "https://github.com/dyne/dnscrypt-proxy";
|
homepage = "https://github.com/dyne/dnscrypt-proxy";
|
||||||
license = licenses.isc;
|
license = lib.licenses.isc;
|
||||||
maintainers = with maintainers; [ rnhmjoj ];
|
maintainers = with lib.maintainers; [ rnhmjoj ];
|
||||||
platforms = platforms.linux;
|
platforms = lib.platforms.linux;
|
||||||
};
|
};
|
||||||
}) { };
|
}) { };
|
||||||
|
|
||||||
@ -124,28 +122,28 @@ in {
|
|||||||
###### interface
|
###### interface
|
||||||
|
|
||||||
options.services.dnscrypt-wrapper = {
|
options.services.dnscrypt-wrapper = {
|
||||||
enable = mkEnableOption "DNSCrypt wrapper";
|
enable = lib.mkEnableOption "DNSCrypt wrapper";
|
||||||
|
|
||||||
address = mkOption {
|
address = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "127.0.0.1";
|
default = "127.0.0.1";
|
||||||
description = ''
|
description = ''
|
||||||
The DNSCrypt wrapper will bind to this IP address.
|
The DNSCrypt wrapper will bind to this IP address.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
port = mkOption {
|
port = lib.mkOption {
|
||||||
type = types.port;
|
type = lib.types.port;
|
||||||
default = 5353;
|
default = 5353;
|
||||||
description = ''
|
description = ''
|
||||||
The DNSCrypt wrapper will listen for DNS queries on this port.
|
The DNSCrypt wrapper will listen for DNS queries on this port.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
providerName = mkOption {
|
providerName = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "2.dnscrypt-cert.${config.networking.hostName}";
|
default = "2.dnscrypt-cert.${config.networking.hostName}";
|
||||||
defaultText = literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"'';
|
defaultText = lib.literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"'';
|
||||||
example = "2.dnscrypt-cert.myresolver";
|
example = "2.dnscrypt-cert.myresolver";
|
||||||
description = ''
|
description = ''
|
||||||
The name that will be given to this DNSCrypt resolver.
|
The name that will be given to this DNSCrypt resolver.
|
||||||
@ -153,8 +151,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
providerKey.public = mkOption {
|
providerKey.public = lib.mkOption {
|
||||||
type = types.nullOr types.path;
|
type = lib.types.nullOr lib.types.path;
|
||||||
default = null;
|
default = null;
|
||||||
example = "/etc/secrets/public.key";
|
example = "/etc/secrets/public.key";
|
||||||
description = ''
|
description = ''
|
||||||
@ -163,8 +161,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
providerKey.secret = mkOption {
|
providerKey.secret = lib.mkOption {
|
||||||
type = types.nullOr types.path;
|
type = lib.types.nullOr lib.types.path;
|
||||||
default = null;
|
default = null;
|
||||||
example = "/etc/secrets/secret.key";
|
example = "/etc/secrets/secret.key";
|
||||||
description = ''
|
description = ''
|
||||||
@ -173,24 +171,24 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
upstream.address = mkOption {
|
upstream.address = lib.mkOption {
|
||||||
type = types.str;
|
type = lib.types.str;
|
||||||
default = "127.0.0.1";
|
default = "127.0.0.1";
|
||||||
description = ''
|
description = ''
|
||||||
The IP address of the upstream DNS server DNSCrypt will "wrap".
|
The IP address of the upstream DNS server DNSCrypt will "wrap".
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
upstream.port = mkOption {
|
upstream.port = lib.mkOption {
|
||||||
type = types.port;
|
type = lib.types.port;
|
||||||
default = 53;
|
default = 53;
|
||||||
description = ''
|
description = ''
|
||||||
The port of the upstream DNS server DNSCrypt will "wrap".
|
The port of the upstream DNS server DNSCrypt will "wrap".
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
keys.expiration = mkOption {
|
keys.expiration = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 30;
|
default = 30;
|
||||||
description = ''
|
description = ''
|
||||||
The duration (in days) of the time-limited secret key.
|
The duration (in days) of the time-limited secret key.
|
||||||
@ -198,8 +196,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
keys.checkInterval = mkOption {
|
keys.checkInterval = lib.mkOption {
|
||||||
type = types.int;
|
type = lib.types.int;
|
||||||
default = 1440;
|
default = 1440;
|
||||||
description = ''
|
description = ''
|
||||||
The time interval (in minutes) between key expiration checks.
|
The time interval (in minutes) between key expiration checks.
|
||||||
@ -211,7 +209,7 @@ in {
|
|||||||
|
|
||||||
###### implementation
|
###### implementation
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
users.users.dnscrypt-wrapper = {
|
users.users.dnscrypt-wrapper = {
|
||||||
description = "dnscrypt-wrapper daemon user";
|
description = "dnscrypt-wrapper daemon user";
|
||||||
|
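Review bot: The `keys.expiration` and `keys.checkInterval` options (hunks `@ -173,24 +171,24 @@` and `@ -198,8 +196,8 @@`) keep `type = lib.types.int;`, which accepts zero and negative values even though the descriptions define them as a duration in days and an interval in minutes. Since both type lines are rewritten here anyway, `type = lib.types.ints.positive;` would reject such values at evaluation time instead of handing them to whatever consumes them, which is not visible in these hunks. For a time-limited secret key, a non-positive lifetime or check interval is more likely to produce an expired certificate or a broken rotation schedule than a useful configuration. Both descriptions continue outside the hunks, so any documented special meaning for 0 should be confirmed before tightening the type.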