Samuel Leathers
6 years ago
parent
78b06757c2
commit
f515ca67f5
@ -0,0 +1,61 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.dnsdist; |
||||
configFile = pkgs.writeText "dndist.conf" '' |
||||
setLocal('${cfg.listenAddress}:${toString cfg.listenPort}') |
||||
${cfg.extraConfig} |
||||
''; |
||||
in { |
||||
options = { |
||||
services.dnsdist = { |
||||
enable = mkEnableOption "dnsdist domain name server"; |
||||
|
||||
listenAddress = mkOption { |
||||
type = types.str; |
||||
description = "Listen IP Address"; |
||||
default = "0.0.0.0"; |
||||
}; |
||||
listenPort = mkOption { |
||||
type = types.int; |
||||
description = "Listen port"; |
||||
default = 53; |
||||
}; |
||||
|
||||
extraConfig = mkOption { |
||||
type = types.lines; |
||||
default = '' |
||||
''; |
||||
description = '' |
||||
Extra lines to be added verbatim to dnsdist.conf. |
||||
''; |
||||
}; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf config.services.dnsdist.enable { |
||||
systemd.services.dnsdist = { |
||||
description = "dnsdist load balancer"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = ["network.target"]; |
||||
|
||||
serviceConfig = { |
||||
Restart="on-failure"; |
||||
RestartSec="1"; |
||||
DynamicUser = true; |
||||
StartLimitInterval="0"; |
||||
PrivateTmp=true; |
||||
PrivateDevices=true; |
||||
CapabilityBoundingSet="CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID"; |
||||
ExecStart = "${pkgs.dnsdist}/bin/dnsdist --supervised --disable-syslog --config ${configFile}"; |
||||
ProtectSystem="full"; |
||||
ProtectHome=true; |
||||
RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; |
||||
LimitNOFILE="16384"; |
||||
TasksMax="8192"; |
||||
}; |
||||
}; |
||||
}; |
||||
} |
||||
Loading…
Reference in new issue