From 88e182b3bf46aaa820d2f56a3c02323ff66285e8 Mon Sep 17 00:00:00 2001
From: Jeroen Simonetti
Date: Fri, 27 May 2022 09:03:09 +0200
Subject: [PATCH 1/3] maintainers: add jsimonetti
Signed-off-by: Jeroen Simonetti
---
 maintainers/maintainer-list.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index b1bed259a050..82e2a04a59c3 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -6342,6 +6342,13 @@
 github = "jsierles";
 githubId = 82;
 };
+ jsimonetti = {
+ email = "jeroen+nixpkgs@simonetti.nl";
+ matrix = "@jeroen:simonetti.nl";
+ name = "Jeroen Simonetti";
+ github = "jsimonetti";
+ githubId = 5478838;
+ };
 jtcoolen = {
 email = "jtcoolen@pm.me";
 name = "Julien Coolen";
From 766a7195574d9b33086be362432d9afbc9f47d78 Mon Sep 17 00:00:00 2001
From: Jeroen Simonetti
Date: Wed, 15 Jun 2022 08:32:56 +0200
Subject: [PATCH 2/3] routedns: init at 0.1.5
Signed-off-by: Jeroen Simonetti
---
 pkgs/tools/networking/routedns/default.nix | 29 ++++++++++++++++++++++
 pkgs/top-level/all-packages.nix | 4 +++
 2 files changed, 33 insertions(+)
 create mode 100644 pkgs/tools/networking/routedns/default.nix
diff --git a/pkgs/tools/networking/routedns/default.nix b/pkgs/tools/networking/routedns/default.nix
new file mode 100644
index 000000000000..4cf2c9eeeed8
--- /dev/null
+++ b/pkgs/tools/networking/routedns/default.nix
@@ -0,0 +1,29 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+ pname = "routedns";
+ version = "0.1.5";
+
+ src = fetchFromGitHub {
+ owner = "folbricht";
+ repo = "routedns";
+ # https://github.com/folbricht/routedns/issues/237
+ rev = "02f14a567fee2a289810979446f5260b8a31bf73";
+ sha256 = "sha256-oImimNBz1qizUPD6qHi73fGKNCu5cii99GIUo21e+bs=";
+ };
+
+ vendorSha256 = "sha256-T6adpxJgOPGy+UOOlGAAf1gjk1wJxwOc9enfv9X3LBE=";
+
+ subPackages = [ "./cmd/routedns" ];
+
+ meta = with lib; {
+ homepage = "https://github.com/folbricht/routedns";
+ description = "DNS stub resolver, proxy and router";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ jsimonetti ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 60e4de34f5d8..1349575250ed 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -29621,6 +29621,10 @@ with pkgs;
 robustirc-bridge = callPackage ../servers/irc/robustirc-bridge { };
+ routedns = callPackage ../tools/networking/routedns {
+ buildGoModule = buildGo118Module;
+ };
+
 skrooge = libsForQt5.callPackage ../applications/office/skrooge {};
 smartgithg = callPackage ../applications/version-management/smartgithg {
From 829167bd27d6de5ecbbd1fc43452fb9d3e5ece98 Mon Sep 17 00:00:00 2001
From: Jeroen Simonetti
Date: Wed, 15 Jun 2022 08:33:46 +0200
Subject: [PATCH 3/3] nixos/routedns: init
Signed-off-by: Jeroen Simonetti
---
 nixos/modules/module-list.nix | 1 +
 .../modules/services/networking/routedns.nix | 84 +++++++++++++++++++
 2 files changed, 85 insertions(+)
 create mode 100644 nixos/modules/services/networking/routedns.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 2607e99d8459..744459bb1315 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
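Review bot: In pkgs/tools/networking/routedns/default.nix the `rev` is a bare commit hash while `version` says 0.1.5, and the only explanation is an issue URL, so a reader cannot tell from the file why a commit is pinned or that it is the 0.1.5 source. The `sha256` already fixes what is fetched, so this is a documentation point rather than an integrity one. Put the reason in words above `rev`, for example `# no upstream tag for 0.1.5 yet, pinning the release commit; see https://github.com/folbricht/routedns/issues/237`, after confirming that this is what the issue actually says.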
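Review bot: The `buildGoModule = buildGo118Module;` override in pkgs/top-level/all-packages.nix carries no comment saying why Go 1.18 is required, so the package will stay on that toolchain after the default moves on and, eventually, after 1.18 stops receiving fixes to the standard library's TLS and networking code that a DoT-capable resolver depends on. A one-line comment such as `# needs Go >= 1.18; drop this override once the default buildGoModule is new enough` (wording adjusted to the real reason) would let a later maintainer remove it safely.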
@@ -884,6 +884,7 @@
 ./services/networking/redsocks.nix
 ./services/networking/resilio.nix
 ./services/networking/robustirc-bridge.nix
+ ./services/networking/routedns.nix
 ./services/networking/rpcbind.nix
 ./services/networking/rxe.nix
 ./services/networking/sabnzbd.nix
diff --git a/nixos/modules/services/networking/routedns.nix b/nixos/modules/services/networking/routedns.nix
new file mode 100644
index 000000000000..e0f5eedd2c8e
--- /dev/null
+++ b/nixos/modules/services/networking/routedns.nix
@@ -0,0 +1,84 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+with lib;
+
+let
+ cfg = config.services.routedns;
+ settingsFormat = pkgs.formats.toml { };
+in
+{
+ options.services.routedns = {
+ enable = mkEnableOption "RouteDNS - DNS stub resolver, proxy and router";
+
+ settings = mkOption {
+ type = settingsFormat.type;
+ example = literalExpression ''
+ {
+ resolvers.cloudflare-dot = {
+ address = "1.1.1.1:853";
+ protocol = "dot";
+ };
+ groups.cloudflare-cached = {
+ type = "cache";
+ resolvers = ["cloudflare-dot"];
+ };
+ listeners.local-udp = {
+ address = "127.0.0.1:53";
+ protocol = "udp";
+ resolver = "cloudflare-cached";
+ };
+ listeners.local-tcp = {
+ address = "127.0.0.1:53";
+ protocol = "tcp";
+ resolver = "cloudflare-cached";
+ };
+ }
+ '';
+ description = ''
+ Configuration for RouteDNS, see
+ for more information.
+ '';
+ };
+
+ configFile = mkOption {
+ default = settingsFormat.generate "routedns.toml" cfg.settings;
+ defaultText = "A RouteDNS configuration file automatically generated by values from services.routedns.*";
+ type = types.path;
+ example = literalExpression ''"''${pkgs.routedns}/cmd/routedns/example-config/use-case-1.toml"'';
+ description = "Path to RouteDNS TOML configuration file.";
+ };
+
+ package = mkOption {
+ default = pkgs.routedns;
+ defaultText = literalExpression "pkgs.routedns";
+ type = types.package;
+ description = "RouteDNS package to use.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.routedns = {
+ description = "RouteDNS - DNS stub resolver, proxy and router";
+ after = [ "network.target" ]; # in case a bootstrap resolver is used, this might fail a few times until the respective server is actually reachable
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network.target" ];
+ startLimitIntervalSec = 30;
+ startLimitBurst = 5;
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "5s";
+ LimitNPROC = 512;
+ LimitNOFILE = 1048576;
+ DynamicUser = true;
+ AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+ NoNewPrivileges = true;
+ ExecStart = "${getBin cfg.package}/bin/routedns -l 4 ${cfg.configFile}";
+ };
+ };
+ };
+ meta.maintainers = with maintainers; [ jsimonetti ];
+}
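Review bot: The `serviceConfig` block in nixos/modules/services/networking/routedns.nix grants `CAP_NET_BIND_SERVICE` as an ambient capability but leaves the capability bounding set and the kernel, namespace and syscall sandboxing at their defaults, which is loose for a daemon that parses DNS messages from clients and upstream servers. Setting `CapabilityBoundingSet` to that same single capability and adding the restrictions below would narrow what a compromised resolver process can reach; `DynamicUser = true` already covers the filesystem side. The address-family list is a guess at what the listeners and resolvers need and should be confirmed against the protocols actually configured. Separately, the `settings` description could state that the generated TOML lands in the world-readable Nix store, so anything secret belongs in a file passed through `configFile`.

```nix
      serviceConfig = {
        # … unchanged: Restart, RestartSec, LimitNPROC, LimitNOFILE, DynamicUser, AmbientCapabilities, NoNewPrivileges …
        CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
        PrivateDevices = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        RestrictNamespaces = true;
        RestrictRealtime = true;
        LockPersonality = true;
        SystemCallArchitectures = "native";
        # assumed set; verify with the configured listener/resolver protocols
        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
        # … unchanged: ExecStart …
      };
```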