nixos/coredns: init (#54931)
parent
3944fa41a0
commit
b381c27b58
@ -0,0 +1,50 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.coredns; |
||||
configFile = pkgs.writeText "Corefile" cfg.config; |
||||
in { |
||||
options.services.coredns = { |
||||
enable = mkEnableOption "Coredns dns server"; |
||||
|
||||
config = mkOption { |
||||
default = ""; |
||||
example = '' |
||||
. { |
||||
whoami |
||||
} |
||||
''; |
||||
type = types.lines; |
||||
description = "Verbatim Corefile to use. See <link xlink:href=\"https://coredns.io/manual/toc/#configuration\"/> for details."; |
||||
}; |
||||
|
||||
package = mkOption { |
||||
default = pkgs.coredns; |
||||
defaultText = "pkgs.coredns"; |
||||
type = types.package; |
||||
description = "Coredns package to use."; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
systemd.services.coredns = { |
||||
description = "Coredns dns server"; |
||||
after = [ "network.target" ]; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
serviceConfig = { |
||||
PermissionsStartOnly = true; |
||||
LimitNPROC = 512; |
||||
LimitNOFILE = 1048576; |
||||
CapabilityBoundingSet = "cap_net_bind_service"; |
||||
AmbientCapabilities = "cap_net_bind_service"; |
||||
NoNewPrivileges = true; |
||||
DynamicUser = true; |
||||
ExecStart = "${getBin cfg.package}/bin/coredns -conf=${configFile}"; |
||||
ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR1 $MAINPID"; |
||||
Restart = "on-failure"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
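Review bot: The `config` option text is passed to `pkgs.writeText "Corefile" cfg.config` in the `let` block, so the whole Corefile ends up in the Nix store, which every local user can read. Any credential or key that a plugin accepts inline in the Corefile would be exposed that way. The option's `description` should say so, for example by appending `The text is copied into the world-readable Nix store, so do not place secrets in it.` Separately, `PermissionsStartOnly = true` in `serviceConfig` looks like a no-op, since this unit defines no `ExecStartPre`/`ExecStartPost` commands, and could be dropped so the unit's privilege settings are easier to read.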