parent
b32252ddfa
commit
b0a1c0b343
@ -0,0 +1,50 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.powerdns; |
||||
configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}"; |
||||
in { |
||||
options = { |
||||
services.powerdns = { |
||||
enable = mkEnableOption "Powerdns domain name server"; |
||||
|
||||
extraConfig = mkOption { |
||||
type = types.lines; |
||||
default = "launch=bind"; |
||||
description = '' |
||||
Extra lines to be added verbatim to pdns.conf. |
||||
Powerdns will chroot to /var/lib/powerdns. |
||||
So any file, powerdns is supposed to be read, |
||||
should be in /var/lib/powerdns and needs to specified |
||||
relative to the chroot. |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf config.services.powerdns.enable { |
||||
systemd.services.pdns = { |
||||
unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)"; |
||||
description = "Powerdns name server"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"]; |
||||
|
||||
serviceConfig = { |
||||
Restart="on-failure"; |
||||
RestartSec="1"; |
||||
StartLimitInterval="0"; |
||||
PrivateTmp=true; |
||||
PrivateDevices=true; |
||||
CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT"; |
||||
NoNewPrivileges=true; |
||||
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns"; |
||||
ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}"; |
||||
ProtectSystem="full"; |
||||
ProtectHome=true; |
||||
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
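Review bot: `configDir` is built with `pkgs.writeTextDir` from `cfg.extraConfig`, so the complete pdns.conf ends up in the Nix store, which every local user can read. The unit orders itself after mysql, postgresql and openldap, so backend settings that carry credentials are an expected use of this option and would be exposed that way. The option description should say so, for example by adding `This text is copied to the world-readable Nix store; do not put backend passwords in it.` Separately, `--setuid=nobody --setgid=nogroup` in `ExecStart` runs the daemon under an identity shared with other services; a dedicated powerdns user and group would keep the files under /var/lib/powerdns and the control socket from being reachable by anything else that runs as nobody.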
@ -0,0 +1,41 @@ |
||||
{ stdenv, fetchurl, pkgconfig, |
||||
boost, libyamlcpp, libsodium, sqlite, protobuf, |
||||
libmysql, postgresql, lua, openldap, geoip, curl |
||||
}: |
||||
|
||||
stdenv.mkDerivation rec { |
||||
name = "powerdns-${version}"; |
||||
version = "4.0.1"; |
||||
|
||||
src = fetchurl { |
||||
url = "http://downloads.powerdns.com/releases/pdns-${version}.tar.bz2"; |
||||
sha256 = "1mzdj5077cn6cip51sxknz5hx0cyqlsrix39b7l30i36lvafx4fi"; |
||||
}; |
||||
|
||||
buildInputs = [ boost libmysql postgresql lua openldap sqlite protobuf geoip libyamlcpp pkgconfig libsodium curl ]; |
||||
|
||||
# nix destroy with-modules arguments, when using configureFlags |
||||
preConfigure = '' |
||||
configureFlagsArray=( |
||||
"--with-modules=bind gmysql geoip gpgsql gsqlite3 ldap lua pipe random remote" |
||||
--with-sqlite3 |
||||
--with-socketdir=/var/lib/powerdns |
||||
--enable-libsodium |
||||
--enable-tools |
||||
--disable-dependency-tracking |
||||
--disable-silent-rules |
||||
--enable-reproducible |
||||
--enable-unit-tests |
||||
) |
||||
''; |
||||
checkPhase = "make check"; |
||||
|
||||
meta = with stdenv.lib; { |
||||
description = "Authoritative DNS server"; |
||||
homepage = http://www.powerdns.com/; |
||||
platforms = platforms.linux; |
||||
# cannot find postgresql libs on macos x |
||||
license = licenses.gpl2; |
||||
maintainers = [ maintainers.mic92 ]; |
||||
}; |
||||
} |
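Review bot: `checkPhase = "make check";` never runs as written, because stdenv executes the check phase only when `doCheck` is true and nothing in this derivation sets it. As a result `--enable-unit-tests` builds the tests without running them. Add `doCheck = true;` next to the `checkPhase` line. `pkgconfig` is a build-time tool and would normally be listed in `nativeBuildInputs` rather than `buildInputs`. The source URL uses plain http; the fixed `sha256` still pins the tarball contents, but https would be preferable if the download host serves it.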