diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index 1c1c8908064a..13f4c62c018a 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -264,6 +264,14 @@ services.xserver.displayManager.defaultSession = "xfce+icewm";
in container config.
+
+
+ The kresd services deprecates the interfaces option
+ in favor of the listenPlain option which requires full
+ systemd.socket compatible
+ declaration which always include a port.
+
+
Virtual console options have been reorganized and can be found under
diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix
index fc516c01230a..574074944d5e 100644
--- a/nixos/modules/services/networking/kresd.nix
+++ b/nixos/modules/services/networking/kresd.nix
@@ -13,6 +13,17 @@ in
{
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
+ imports = [
+ (mkChangedOptionModule [ "services" "kresd" "interfaces" ] [ "services" "kresd" "listenPlain" ]
+ (config:
+ let value = getAttrFromPath [ "services" "kresd" "interfaces" ] config;
+ in map
+ (iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53") # Syntax depends on being IPv6 or IPv4.
+ value
+ )
+ )
+ ];
+
###### interface
options.services.kresd = {
enable = mkOption {
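Review bot: The comment explaining the migration shim trails an already long lambda line (`... else "${iface}:53") # Syntax depends on being IPv6 or IPv4.`), where it is easy to miss. The removed code had it on its own line above the lambda, and that placement should be kept. It would also help to say why the port is fixed, e.g. `# The old option took bare addresses and always meant port 53; IPv6 literals need brackets in ListenStream syntax.` The conversion itself appears to reproduce the listener list the old code built, so migrated configurations should not end up bound more widely than before.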
@@ -39,11 +50,12 @@ in
Directory for caches. They are intended to survive reboots.
'';
};
- interfaces = mkOption {
+ listenPlain = mkOption {
type = with types; listOf str;
- default = [ "::1" "127.0.0.1" ];
+ default = [ "[::1]:53" "127.0.0.1:53" ];
description = ''
- What addresses the server should listen on. (UDP+TCP 53)
+ What addresses and ports the server should listen on.
+ For detailed syntax see ListenStream in man systemd.socket.
'';
};
listenTLS = mkOption {
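Review bot: `listenPlain` now accepts any ListenStream-style string, but its description does not say that a port-only entry such as `"53"` listens on every address, which would expose the resolver beyond the loopback default. The neighbouring `listenTLS` example shows that bare-port form (`"853"`), so it is likely to be copied. I would add a sentence to the description such as `A bare port listens on all addresses; give an explicit address to restrict who can reach the resolver.` An example using documentation-range addresses, `example = [ "192.0.2.1:53" "[2001:db8::1]:53" ];`, would also put the address-qualified form in front of users first.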
@@ -51,7 +63,7 @@ in
default = [];
example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ];
description = ''
- Addresses on which kresd should provide DNS over TLS (see RFC 7858).
+ Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858).
For detailed syntax see ListenStream in man systemd.socket.
'';
};
@@ -76,10 +88,7 @@ in
systemd.sockets.kresd = rec {
wantedBy = [ "sockets.target" ];
before = wantedBy;
- listenStreams = map
- # Syntax depends on being IPv6 or IPv4.
- (iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53")
- cfg.interfaces;
+ listenStreams = cfg.listenPlain;
socketConfig = {
ListenDatagram = listenStreams;
FreeBind = true;
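Review bot: `listenStreams = cfg.listenPlain;` passes user-supplied strings straight through, and the same list is reused for `ListenDatagram` two lines below. Every entry therefore has to be valid for both directives, although the option text only points at ListenStream. Because `FreeBind = true` permits binding to addresses that are not configured on the host, a mistyped address will presumably not fail at socket start-up either. A comment here would record this, e.g. `# listenPlain feeds both TCP (ListenStream) and UDP (ListenDatagram); entries are passed through unvalidated.` The socket unit's attribute set continues past the end of the hunk.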