dnschain nixos module: init

+113
+2
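--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -230,6 +230,7 @@
 shout = 206;
 gateone = 207;
 namecoin = 208;
+dnschain = 209;
 
 # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -438,6 +439,7 @@
 #shout = 206; #unused
 gateone = 207;
 namecoin = 208;
+#dnschain = 209; #unused
 
 # When adding a gid, make sure it doesn't match an existing
 # uid. Users and groups with the same name should have equal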
+1
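--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -275,6 +275,7 @@
 ./services/networking/ddclient.nix
 ./services/networking/dhcpcd.nix
 ./services/networking/dhcpd.nix
+./services/networking/dnschain.nix
 ./services/networking/dnscrypt-proxy.nix
 ./services/networking/dnsmasq.nix
 ./services/networking/docker-registry-server.nix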
+110
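--- a/nixos/modules/services/networking/dnschain.nix
+++ b/nixos/modules/services/networking/dnschain.nix
@@ -0,0 +1,110 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.services;
+
+dnschainConf = pkgs.writeText "dnschain.conf" ''
+[log]
+level=info
+
+[dns]
+host = 127.0.0.1
+port = 5333
+oldDNSMethod = NO_OLD_DNS
+# TODO: check what that address is acutally used for
+externalIP = 127.0.0.1
+
+[http]
+host = 127.0.0.1
+port=8088
+tlsPort=4443
+'';
+
+in
+
+{
+
+###### interface
+
+options = {
+
+services.dnschain = {
+
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to run dnschain. That implies running
+namecoind as well, so make sure to configure
+it appropriately.
+'';
+};
+
+};
+
+services.dnsmasq = {
+resolveDnschainQueries = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Resolve <literal>.bit</literal> top-level domains
+with dnschain and namecoind.
+'';
+};
+
+};
+
+};
+
+
+###### implementation
+
+config = mkIf cfg.dnschain.enable {
+
+services.namecoind.enable = true;
+
+services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
+
+users.extraUsers = singleton
+{ name = "dnschain";
+uid = config.ids.uids.dnschain;
+extraGroups = [ "namecoin" ];
+description = "Dnschain daemon user";
+home = "/var/lib/dnschain";
+createHome = true;
+};
+
+systemd.services.dnschain = {
+description = "Dnschain Daemon";
+after = [ "namecoind.target" ];
+wantedBy = [ "multi-user.target" ];
+path = [ pkgs.openssl ];
+preStart = ''
+# Link configuration file into dnschain HOME directory
+if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
+rm -rf /var/lib/dnschain/.dnschain.conf
+ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
+fi
+
+# Create empty namecoin.conf so that dnschain is not
+# searching for /etc/namecoin/namecoin.conf
+if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
+mkdir -p /var/lib/dnschain/.namecoin
+touch /var/lib/dnschain/.namecoin/namecoin.conf
+fi
+'';
+serviceConfig = {
+Type = "simple";
+User = "dnschain";
+EnvironmentFile = config.services.namecoind.userFile;
+ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
+ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
+};
+};
+
+};
+
+}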
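Review bot: `ExecStart` puts the namecoind RPC password on the daemon's command line (`--rpcpassword=\${PASSWORD}`, filled in by systemd from the `EnvironmentFile`), so any local account can read it from the process listing unless `/proc` is mounted with `hidepid`. If dnschain can take the RPC credentials from the `namecoin.conf` that `preStart` already creates (to be confirmed against dnschain's documentation), writing them there with owner-only permissions would keep them out of argv. Failing that, the line deserves a comment such as `# NOTE: the RPC password is visible in the process list; keep local shell access restricted`. Separately, `extraGroups = [ "namecoin" ]` gives the dnschain user whatever the namecoin group can read; since systemd reads `EnvironmentFile` itself before switching to `User`, that membership may not be needed and is worth dropping if the service starts without it.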