diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index fb1d50434b8..c160ab5783d 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -93,6 +93,12 @@
kicad/default.nix.
+
+
+ The socket for the pdns-recursor module was moved from /var/lib/pdns-recursor
+ to /run/pdns-recursor to match upstream.
+
+
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 81d5d04fa5e..cd21a1609c9 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -297,7 +297,7 @@ in
headphones = 266;
couchpotato = 267;
gogs = 268;
- pdns-recursor = 269;
+ #pdns-recursor = 269; # dynamically allocated as of 2020-20-18
#kresd = 270; # switched to "knot-resolver" with dynamic ID
rpc = 271;
geoip = 272;
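Review bot: The date in the new comment on the pdns-recursor line, `2020-20-18`, is not a valid date (month 20), so it does not record when uid 269 was retired. The commented-out entry presumably exists to keep 269 from being reused while files owned by the old static user may still sit under the former home directory. The comment should say that and carry the real date, e.g. `#pdns-recursor = 269; # reserved, do not reuse; dynamically allocated as of <YYYY-MM-DD>`. The attribute set this line belongs to starts and ends outside the hunk.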
diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix
index 6ff181377fc..a326eccfd65 100644
--- a/nixos/modules/services/networking/pdns-recursor.nix
+++ b/nixos/modules/services/networking/pdns-recursor.nix
@@ -3,9 +3,6 @@
with lib;
let
- dataDir = "/var/lib/pdns-recursor";
- username = "pdns-recursor";
-
cfg = config.services.pdns-recursor;
oneOrMore = type: with types; either type (listOf type);
@@ -21,7 +18,7 @@ let
else if builtins.isList val then (concatMapStringsSep "," serialize val)
else "";
- configFile = pkgs.writeText "recursor.conf"
+ configDir = pkgs.writeTextDir "recursor.conf"
(concatStringsSep "\n"
(flip mapAttrsToList cfg.settings
(name: val: "${name}=${serialize val}")));
@@ -173,45 +170,30 @@ in {
serve-rfc1918 = cfg.serveRFC1918;
lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig;
+ daemon = false;
+ write-pid = false;
log-timestamp = false;
disable-syslog = true;
};
- users.users.${username} = {
- home = dataDir;
- createHome = true;
- uid = config.ids.uids.pdns-recursor;
+ systemd.packages = [ pkgs.pdns-recursor ];
+
+ systemd.services.pdns-recursor = {
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ];
+ };
+ };
+
+ users.users.pdns-recursor = {
+ isSystemUser = true;
+ group = "pdns-recursor";
description = "PowerDNS Recursor daemon user";
};
- systemd.services.pdns-recursor = {
- unitConfig.Documentation = "man:pdns_recursor(1) man:rec_control(1)";
- description = "PowerDNS recursive server";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
+ users.groups.pdns-recursor = {};
- serviceConfig = {
- User = username;
- Restart ="on-failure";
- RestartSec = "5";
- PrivateTmp = true;
- PrivateDevices = true;
- AmbientCapabilities = "cap_net_bind_service";
- ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \
- --config-dir=${dataDir} \
- --socket-dir=${dataDir}
- '';
- };
-
- preStart = ''
- # Link configuration file into recursor home directory
- configPath=${dataDir}/recursor.conf
- if [ "$(realpath $configPath)" != "${configFile}" ]; then
- rm -f $configPath
- ln -s ${configFile} $configPath
- fi
- '';
- };
};
imports = [
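Review bot: The new `serviceConfig` at `ExecStart = [ "" ... ]` sets only the command line, so `User`, `PrivateTmp`, `PrivateDevices`, `AmbientCapabilities` and `Restart`, which the removed unit set explicitly, now depend entirely on the unit shipped through `systemd.packages = [ pkgs.pdns-recursor ]`, which this diff does not show. The empty first list element also discards every argument of the packaged ExecStart, so if that unit passes `--socket-dir`, the recursor falls back to its compiled-in default and may not use /run/pdns-recursor as the release note states. I would add a comment above `serviceConfig` listing what is inherited from the packaged unit and pass the socket directory explicitly, e.g. `--config-dir=${configDir} --socket-dir=/run/pdns-recursor`. A NixOS test asserting that the running process is not root would keep the privilege drop from regressing unnoticed. The enclosing `config` block starts outside the hunk.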
diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix
index 3e62d520be9..d3b440f1d09 100644
--- a/pkgs/servers/dns/pdns-recursor/default.nix
+++ b/pkgs/servers/dns/pdns-recursor/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
configureFlags = [
"--enable-reproducible"
- "--with-systemd"
+ "--enable-systemd"
];
enableParallelBuilding = true;
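Review bot: Nothing in `configureFlags` or elsewhere in this hunk checks that `--enable-systemd` actually takes effect. Autoconf-style configure scripts usually only warn about a switch they do not recognise, which is presumably how `--with-systemd` went unnoticed. The NixOS module now takes its whole unit from this package, including whatever user and sandboxing settings it carries, so a silent no-op here would leave the service without them. A comment on the flag, e.g. `"--enable-systemd" # installs the unit used by services.pdns-recursor`, plus a post-install check that the unit file exists in `$out`, would make the dependency visible. The derivation body continues outside the hunk.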