nixos/services.dnscrypt-wrapper: remove with lib;

Felix Buehler 2024-08-24 22:05:52 +02:00
parent 0846124d8b
commit 717fa0dea5


@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib;
let let
cfg = config.services.dnscrypt-wrapper; cfg = config.services.dnscrypt-wrapper;
dataDir = "/var/lib/dnscrypt-wrapper"; dataDir = "/var/lib/dnscrypt-wrapper";
@ -40,7 +38,7 @@ let
cd ${dataDir} cd ${dataDir}
# generate provider keypair (first run only) # generate provider keypair (first run only)
${optionalString (cfg.providerKey.public == null || cfg.providerKey.secret == null) '' ${lib.optionalString (cfg.providerKey.public == null || cfg.providerKey.secret == null) ''
if [ ! -f ${publicKey} ] || [ ! -f ${secretKey} ]; then if [ ! -f ${publicKey} ] || [ ! -f ${secretKey} ]; then
dnscrypt-wrapper --gen-provider-keypair dnscrypt-wrapper --gen-provider-keypair
fi fi
@ -96,12 +94,12 @@ let
sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy"; sha256 = "0c4mq741q4rpmdn09agwmxap32kf0vgfz7pkhcdc5h54chc3g3xy";
}; };
configureFlags = optional stdenv.isLinux "--with-systemd"; configureFlags = lib.optional stdenv.isLinux "--with-systemd";
nativeBuildInputs = [ autoreconfHook pkg-config ]; nativeBuildInputs = [ autoreconfHook pkg-config ];
# <ldns/ldns.h> depends on <openssl/ssl.h> # <ldns/ldns.h> depends on <openssl/ssl.h>
buildInputs = [ libsodium openssl.dev ldns ] ++ optional stdenv.isLinux systemd; buildInputs = [ libsodium openssl.dev ldns ] ++ lib.optional stdenv.isLinux systemd;
postInstall = '' postInstall = ''
# Previous versions required libtool files to load plugins; they are # Previous versions required libtool files to load plugins; they are
@ -112,9 +110,9 @@ let
meta = { meta = {
description = "A tool for securing communications between a client and a DNS resolver"; description = "A tool for securing communications between a client and a DNS resolver";
homepage = "https://github.com/dyne/dnscrypt-proxy"; homepage = "https://github.com/dyne/dnscrypt-proxy";
license = licenses.isc; license = lib.licenses.isc;
maintainers = with maintainers; [ rnhmjoj ]; maintainers = with lib.maintainers; [ rnhmjoj ];
platforms = platforms.linux; platforms = lib.platforms.linux;
}; };
}) { }; }) { };
@ -124,28 +122,28 @@ in {
###### interface ###### interface
options.services.dnscrypt-wrapper = { options.services.dnscrypt-wrapper = {
enable = mkEnableOption "DNSCrypt wrapper"; enable = lib.mkEnableOption "DNSCrypt wrapper";
address = mkOption { address = lib.mkOption {
type = types.str; type = lib.types.str;
default = "127.0.0.1"; default = "127.0.0.1";
description = '' description = ''
The DNSCrypt wrapper will bind to this IP address. The DNSCrypt wrapper will bind to this IP address.
''; '';
}; };
port = mkOption { port = lib.mkOption {
type = types.port; type = lib.types.port;
default = 5353; default = 5353;
description = '' description = ''
The DNSCrypt wrapper will listen for DNS queries on this port. The DNSCrypt wrapper will listen for DNS queries on this port.
''; '';
}; };
providerName = mkOption { providerName = lib.mkOption {
type = types.str; type = lib.types.str;
default = "2.dnscrypt-cert.${config.networking.hostName}"; default = "2.dnscrypt-cert.${config.networking.hostName}";
defaultText = literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"''; defaultText = lib.literalExpression ''"2.dnscrypt-cert.''${config.networking.hostName}"'';
example = "2.dnscrypt-cert.myresolver"; example = "2.dnscrypt-cert.myresolver";
description = '' description = ''
The name that will be given to this DNSCrypt resolver. The name that will be given to this DNSCrypt resolver.
@ -153,8 +151,8 @@ in {
''; '';
}; };
providerKey.public = mkOption { providerKey.public = lib.mkOption {
type = types.nullOr types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
example = "/etc/secrets/public.key"; example = "/etc/secrets/public.key";
description = '' description = ''
@ -163,8 +161,8 @@ in {
''; '';
}; };
providerKey.secret = mkOption { providerKey.secret = lib.mkOption {
type = types.nullOr types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
example = "/etc/secrets/secret.key"; example = "/etc/secrets/secret.key";
description = '' description = ''
@ -173,24 +171,24 @@ in {
''; '';
}; };
upstream.address = mkOption { upstream.address = lib.mkOption {
type = types.str; type = lib.types.str;
default = "127.0.0.1"; default = "127.0.0.1";
description = '' description = ''
The IP address of the upstream DNS server DNSCrypt will "wrap". The IP address of the upstream DNS server DNSCrypt will "wrap".
''; '';
}; };
upstream.port = mkOption { upstream.port = lib.mkOption {
type = types.port; type = lib.types.port;
default = 53; default = 53;
description = '' description = ''
The port of the upstream DNS server DNSCrypt will "wrap". The port of the upstream DNS server DNSCrypt will "wrap".
''; '';
}; };
keys.expiration = mkOption { keys.expiration = lib.mkOption {
type = types.int; type = lib.types.int;
default = 30; default = 30;
description = '' description = ''
The duration (in days) of the time-limited secret key. The duration (in days) of the time-limited secret key.
@ -198,8 +196,8 @@ in {
''; '';
}; };
keys.checkInterval = mkOption { keys.checkInterval = lib.mkOption {
type = types.int; type = lib.types.int;
default = 1440; default = 1440;
description = '' description = ''
The time interval (in minutes) between key expiration checks. The time interval (in minutes) between key expiration checks.
@ -211,7 +209,7 @@ in {
###### implementation ###### implementation
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
users.users.dnscrypt-wrapper = { users.users.dnscrypt-wrapper = {
description = "dnscrypt-wrapper daemon user"; description = "dnscrypt-wrapper daemon user";