powerdns: init at 4.0.1

fixes #18703
This commit is contained in:
Jörg Thalheim 2016-09-17 23:30:27 +02:00
parent b32252ddfa
commit b0a1c0b343
No known key found for this signature in database
GPG Key ID: CA4106B8D7CC79FA
4 changed files with 94 additions and 0 deletions

View File

@ -386,6 +386,7 @@
./services/networking/ostinato.nix
./services/networking/pdnsd.nix
./services/networking/polipo.nix
./services/networking/powerdns.nix
./services/networking/pptpd.nix
./services/networking/prayer.nix
./services/networking/privoxy.nix

View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.powerdns;
configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}";
in {
options = {
services.powerdns = {
enable = mkEnableOption "Powerdns domain name server";
extraConfig = mkOption {
type = types.lines;
default = "launch=bind";
description = ''
Extra lines to be added verbatim to pdns.conf.
Powerdns will chroot to /var/lib/powerdns.
So any file, powerdns is supposed to be read,
should be in /var/lib/powerdns and needs to specified
relative to the chroot.
'';
};
};
};
config = mkIf config.services.powerdns.enable {
systemd.services.pdns = {
unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
description = "Powerdns name server";
wantedBy = [ "multi-user.target" ];
after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
serviceConfig = {
Restart="on-failure";
RestartSec="1";
StartLimitInterval="0";
PrivateTmp=true;
PrivateDevices=true;
CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT";
NoNewPrivileges=true;
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns";
ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}";
ProtectSystem="full";
ProtectHome=true;
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6";
};
};
};
}

View File

@ -0,0 +1,41 @@
{ stdenv, fetchurl, pkgconfig,
boost, libyamlcpp, libsodium, sqlite, protobuf,
libmysql, postgresql, lua, openldap, geoip, curl
}:
stdenv.mkDerivation rec {
name = "powerdns-${version}";
version = "4.0.1";
src = fetchurl {
url = "http://downloads.powerdns.com/releases/pdns-${version}.tar.bz2";
sha256 = "1mzdj5077cn6cip51sxknz5hx0cyqlsrix39b7l30i36lvafx4fi";
};
buildInputs = [ boost libmysql postgresql lua openldap sqlite protobuf geoip libyamlcpp pkgconfig libsodium curl ];
# nix destroy with-modules arguments, when using configureFlags
preConfigure = ''
configureFlagsArray=(
"--with-modules=bind gmysql geoip gpgsql gsqlite3 ldap lua pipe random remote"
--with-sqlite3
--with-socketdir=/var/lib/powerdns
--enable-libsodium
--enable-tools
--disable-dependency-tracking
--disable-silent-rules
--enable-reproducible
--enable-unit-tests
)
'';
checkPhase = "make check";
meta = with stdenv.lib; {
description = "Authoritative DNS server";
homepage = http://www.powerdns.com/;
platforms = platforms.linux;
# cannot find postgresql libs on macos x
license = licenses.gpl2;
maintainers = [ maintainers.mic92 ];
};
}

View File

@ -11668,6 +11668,8 @@ in
policycoreutils = callPackage ../os-specific/linux/policycoreutils { };
powerdns = callPackage ../servers/dns/powerdns { };
powertop = callPackage ../os-specific/linux/powertop { };
prayer = callPackage ../servers/prayer { };