parent
b32252ddfa
commit
b0a1c0b343
@ -386,6 +386,7 @@
|
||||
./services/networking/ostinato.nix
|
||||
./services/networking/pdnsd.nix
|
||||
./services/networking/polipo.nix
|
||||
./services/networking/powerdns.nix
|
||||
./services/networking/pptpd.nix
|
||||
./services/networking/prayer.nix
|
||||
./services/networking/privoxy.nix
|
||||
|
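--- /dev/null
+++ b/nixos/modules/services/networking/powerdns.nix
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services.powerdns;
+configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}";
+in {
+options = {
+services.powerdns = {
+enable = mkEnableOption "Powerdns domain name server";
+
+extraConfig = mkOption {
+type = types.lines;
+default = "launch=bind";
+description = ''
+Extra lines to be added verbatim to pdns.conf.
+Powerdns will chroot to /var/lib/powerdns.
+So any file, powerdns is supposed to be read,
+should be in /var/lib/powerdns and needs to specified
+relative to the chroot.
+'';
+};
+};
+};
+
+config = mkIf config.services.powerdns.enable {
+systemd.services.pdns = {
+unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
+description = "Powerdns name server";
+wantedBy = [ "multi-user.target" ];
+after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
+
+serviceConfig = {
+Restart="on-failure";
+RestartSec="1";
+StartLimitInterval="0";
+PrivateTmp=true;
+PrivateDevices=true;
+CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
+NoNewPrivileges=true;
+ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
+ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
+ProtectSystem="full";
+ProtectHome=true;
+RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
+};
+};
+};
+}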
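Review bot: `configDir` is produced by `pkgs.writeTextDir` from `cfg.extraConfig`, so the complete pdns.conf ends up in the world-readable Nix store, and any backend credential placed there (for example a `gmysql-password` line for the gmysql module) is readable by every local user. The `extraConfig` description should carry a warning such as `Do not put secrets here: this text is copied into the world-readable Nix store.`, with credentials kept in a root-owned file outside the store instead. Separately, `--setuid=nobody --setgid=nogroup` in `ExecStart` makes the daemon share an identity with every other process that drops to nobody; a dedicated `pdns` user and group would keep the chroot contents and the control socket under `--socket-dir=/` from being reachable by those processes. A minor style point: `mkIf config.services.powerdns.enable` can use the already-bound `cfg.enable`.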
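--- /dev/null
+++ b/pkgs/servers/dns/powerdns/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, pkgconfig,
+boost, libyamlcpp, libsodium, sqlite, protobuf,
+libmysql, postgresql, lua, openldap, geoip, curl
+}:
+
+stdenv.mkDerivation rec {
+name = "powerdns-${version}";
+version = "4.0.1";
+
+src = fetchurl {
+url = "http://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
+sha256 = "1mzdj5077cn6cip51sxknz5hx0cyqlsrix39b7l30i36lvafx4fi";
+};
+
+buildInputs = [ boost libmysql postgresql lua openldap sqlite protobuf geoip libyamlcpp pkgconfig libsodium curl ];
+
+# nix destroy with-modules arguments, when using configureFlags
+preConfigure = ''
+configureFlagsArray=(
+"--with-modules=bind gmysql geoip gpgsql gsqlite3 ldap lua pipe random remote"
+--with-sqlite3
+--with-socketdir=/var/lib/powerdns
+--enable-libsodium
+--enable-tools
+--disable-dependency-tracking
+--disable-silent-rules
+--enable-reproducible
+--enable-unit-tests
+)
+'';
+checkPhase = "make check";
+
+meta = with stdenv.lib; {
+description = "Authoritative DNS server";
+homepage = http://www.powerdns.com/;
+platforms = platforms.linux;
+# cannot find postgresql libs on macos x
+license = licenses.gpl2;
+maintainers = [ maintainers.mic92 ];
+};
+}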
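Review bot: `checkPhase = "make check";` will not run as written, because stdenv skips the check phase unless `doCheck = true;` is set and nothing in this derivation sets it, so the binaries built by `--enable-unit-tests` are compiled and never executed. Adding `doCheck = true;` beside it fixes that; the string override of `checkPhase` could then probably be dropped, since the default phase normally invokes the `check` target itself. The tarball URL is plain `http://`; the pinned `sha256` still rejects a modified archive, but switching to `https://` (if the host serves it) removes the reliance on an unauthenticated transport when the hash is next bumped.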
@ -11668,6 +11668,8 @@ in
|
||||
|
||||
policycoreutils = callPackage ../os-specific/linux/policycoreutils { };
|
||||
|
||||
powerdns = callPackage ../servers/dns/powerdns { };
|
||||
|
||||
powertop = callPackage ../os-specific/linux/powertop { };
|
||||
|
||||
prayer = callPackage ../servers/prayer { };
|
||||
|