Merge pull request #29450 from jerith666/djb-1709

Add modules for tinydns and dnscache from djbdns
2017-09-24 15:39:29 +01:00 · 2017-09-24 15:39:29 +01:00 · 975c7b2204
commit 975c7b2204
parent 412fa16bff 735b41c34f
6 changed files with 207 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -426,6 +426,7 @@
  ./services/networking/ddclient.nix
  ./services/networking/dhcpcd.nix
  ./services/networking/dhcpd.nix
+  ./services/networking/dnscache.nix
  ./services/networking/dnschain.nix
  ./services/networking/dnscrypt-proxy.nix
  ./services/networking/dnscrypt-wrapper.nix
@ -526,6 +527,7 @@
  ./services/networking/tcpcrypt.nix
  ./services/networking/teamspeak3.nix
  ./services/networking/tinc.nix
+  ./services/networking/tinydns.nix
  ./services/networking/tftpd.nix
  ./services/networking/tox-bootstrapd.nix
  ./services/networking/toxvpn.nix
--- a/nixos/modules/services/networking/dnscache.nix
+++ b/nixos/modules/services/networking/dnscache.nix
@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.dnscache;
+
+  dnscache-root = pkgs.runCommand "dnscache-root" {} ''
+    mkdir -p $out/{servers,ip}
+
+    ${concatMapStrings (ip: ''
+      echo > "$out/ip/"${lib.escapeShellArg ip}
+    '') cfg.clientIps}
+
+    ${concatStrings (mapAttrsToList (host: ips: ''
+      ${concatMapStrings (ip: ''
+        echo ${lib.escapeShellArg ip} > "$out/servers/"${lib.escapeShellArg host}
+      '') ips}
+    '') cfg.domainServers)}
+
+    # djbdns contains an outdated list of root servers;
+    # if one was not provided in config, provide a current list
+    if [ ! -e servers/@ ]; then
+      awk '/^.?.ROOT-SERVERS.NET/ { print $4 }' ${pkgs.dns-root-data}/root.hints > $out/servers/@
+    fi
+  '';
+
+in {
+
+  ###### interface
+
+  options = {
+    services.dnscache = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to run the dnscache caching dns server";
+      };
+
+      ip = mkOption {
+        default = "0.0.0.0";
+        type = types.str;
+        description = "IP address on which to listen for connections";
+      };
+
+      clientIps = mkOption {
+        default = [ "127.0.0.1" ];
+        type = types.listOf types.str;
+        description = "client IP addresses (or prefixes) from which to accept connections";
+        example = ["192.168" "172.23.75.82"];
+      };
+
+      domainServers = mkOption {
+        default = { };
+        type = types.attrsOf (types.listOf types.str);
+        description = "table of {hostname: server} pairs to use as authoritative servers for hosts (and subhosts)";
+        example = {
+          "example.com" = ["8.8.8.8" "8.8.4.4"];
+        };
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.dnscache.enable {
+    environment.systemPackages = [ pkgs.djbdns ];
+    users.extraUsers.dnscache = {};
+
+    systemd.services.dnscache = {
+      description = "djbdns dnscache server";
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ bash daemontools djbdns ];
+      preStart = ''
+        rm -rf /var/lib/dnscache
+        dnscache-conf dnscache dnscache /var/lib/dnscache ${config.services.dnscache.ip}
+        rm -rf /var/lib/dnscache/root
+        ln -sf ${dnscache-root} /var/lib/dnscache/root
+      '';
+      script = ''
+        cd /var/lib/dnscache/
+        exec ./run
+      '';
+    };
+  };
+}
--- a/nixos/modules/services/networking/tinydns.nix
+++ b/nixos/modules/services/networking/tinydns.nix
@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  ###### interface
+
+  options = {
+    services.tinydns = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to run the tinydns dns server";
+      };
+
+      data = mkOption {
+        type = types.lines;
+        default = "";
+        description = "The DNS data to serve, in the format described by tinydns-data(8)";
+      };
+
+      ip = mkOption {
+        default = "0.0.0.0";
+        type = types.str;
+        description = "IP address on which to listen for connections";
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.tinydns.enable {
+    environment.systemPackages = [ pkgs.djbdns ];
+
+    users.extraUsers.tinydns = {};
+
+    systemd.services.tinydns = {
+      description = "djbdns tinydns server";
+      wantedBy = [ "multi-user.target" ];
+      path = with pkgs; [ daemontools djbdns ];
+      preStart = ''
+        rm -rf /var/lib/tinydns
+        tinydns-conf tinydns tinydns /var/lib/tinydns ${config.services.tinydns.ip}
+        cd /var/lib/tinydns/root/
+        ln -sf ${pkgs.writeText "tinydns-data" config.services.tinydns.data} data
+        tinydns-data
+      '';
+      script = ''
+        cd /var/lib/tinydns
+        exec ./run
+      '';
+    };
+  };
+}
--- a/pkgs/tools/networking/djbdns/default.nix
+++ b/pkgs/tools/networking/djbdns/default.nix
@ -0,0 +1,48 @@
+{ stdenv, fetchurl, glibc } :
+
+let
+  version = "1.05";
+
+  manSrc = fetchurl {
+    url = "http://smarden.org/pape/djb/manpages/djbdns-${version}-man-20031023.tar.gz";
+    sha256 = "0sg51gjy6j1hnrra406q1qhf5kvk1m00y8qqhs6r0a699gqmh75s";
+  };
+
+in
+
+stdenv.mkDerivation {
+  name = "djbdns-${version}";
+
+  src = fetchurl {
+    url = "https://cr.yp.to/djbdns/djbdns-${version}.tar.gz";
+    sha256 = "0j3baf92vkczr5fxww7rp1b7gmczxmmgrqc8w2dy7kgk09m85k9w";
+  };
+
+  patches = [ ./hier.patch ];
+
+  postPatch = ''
+    echo gcc -O2 -include ${glibc.dev}/include/errno.h > conf-cc
+    echo $out > conf-home
+    sed -i "s|/etc/dnsroots.global|$out/etc/dnsroots.global|" dnscache-conf.c
+  '';
+
+  installPhase = ''
+    mkdir -pv $out/etc;
+    make setup
+    cd $out;
+    tar xzvf ${manSrc};
+    for n in 1 5 8; do
+      mkdir -p man/man$n;
+      mv -iv djbdns-man/*.$n man/man$n;
+    done;
+    rm -rv djbdns-man;
+  '';
+
+  meta = with stdenv.lib; {
+    description = "A collection of Domain Name System tools";
+    longDescription = "Includes software for all the fundamental DNS operations: DNS cache: finding addresses of Internet hosts; DNS server: publishing addresses of Internet hosts; and DNS client: talking to a DNS cache.";
+    homepage = https://cr.yp.to/djbdns.html;
+    license = licenses.publicDomain;
+    maintainers = with maintainers; [ jerith666 ];
+  };
+}
--- a/pkgs/tools/networking/djbdns/hier.patch
+++ b/pkgs/tools/networking/djbdns/hier.patch
@ -0,0 +1,15 @@
+--- a/hier.c	2016-04-19 21:22:21.992192405 -0400
+++ b/hier.c	2016-04-19 21:22:33.160229778 -0400
+@@ -2,9 +2,9 @@
+ 
+ void hier()
+ {
+-  c("/","etc","dnsroots.global",-1,-1,0644);
+  c(auto_home,"etc","dnsroots.global",-1,-1,0644);
+ 
+-  h(auto_home,-1,-1,02755);
+-  d(auto_home,"bin",-1,-1,02755);
+  h(auto_home,-1,-1,0755);
+  d(auto_home,"bin",-1,-1,0755);
+ 
+   c(auto_home,"bin","dnscache-conf",-1,-1,0755);
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -1671,6 +1671,8 @@ with pkgs;

  dev86 = callPackage ../development/compilers/dev86 { };

+  djbdns = callPackage ../tools/networking/djbdns { };
+
  dnscrypt-proxy = callPackage ../tools/networking/dnscrypt-proxy { };

  dnscrypt-wrapper = callPackage ../tools/networking/dnscrypt-wrapper { };