diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix index a24ac1f38888..393756a9b2ab 100644 --- a/pkgs/tools/networking/unbound/default.nix +++ b/pkgs/tools/networking/unbound/default.nix @@ -5,9 +5,13 @@ , nettle , expat , libevent +, libsodium +, protobufc +, hiredis , dns-root-data , pkg-config , makeWrapper +, symlinkJoin # # By default unbound will not be built with systemd support. Unbound is a very # commmon dependency. The transitive dependency closure of systemd also @@ -21,6 +25,11 @@ , systemd ? null # optionally support DNS-over-HTTPS as a server , withDoH ? false +, withECS ? false +, withDNSCrypt ? false +, withDNSTAP ? false +, withTFO ? false +, withRedis ? false , libnghttp2 }: @@ -57,8 +66,24 @@ stdenv.mkDerivation rec { "--enable-systemd" ] ++ lib.optionals withDoH [ "--with-libnghttp2=${libnghttp2.dev}" + ] ++ lib.optionals withECS [ + "--enable-subnet" + ] ++ lib.optionals withDNSCrypt [ + "--enable-dnscrypt" + "--with-libsodium=${symlinkJoin { name = "libsodium-full"; paths = [ libsodium.dev libsodium.out ]; }}" + ] ++ lib.optionals withDNSTAP [ + "--enable-dnstap" + "--with-protobuf-c=${protobufc}" + ] ++ lib.optionals withTFO [ + "--enable-tfo-client" + "--enable-tfo-server" + ] ++ lib.optionals withRedis [ + "--enable-cachedb" + "--with-libhiredis=${hiredis}" ]; + PROTOC_C = if withDNSTAP then "${protobufc}/bin/protoc-c" else null; + # Remove references to compile-time dependencies that are included in the configure flags postConfigure = let inherit (builtins) storeDir; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e2f6f1763e06..bb38655185f0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10458,6 +10458,11 @@ with pkgs; unbound-full = unbound.override { withSystemd = true; withDoH = true; + withECS = true; + withDNSCrypt = true; + withDNSTAP = true; + withTFO = true; + withRedis = true; }; unicorn = callPackage ../development/libraries/unicorn { };