From fca065aff2b31383756b2e876bb3ddaa8cae9c1d Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 17 Oct 2020 17:42:41 -0400 Subject: [PATCH 1/4] pdns-recursor: fix systemd configure flag --- pkgs/servers/dns/pdns-recursor/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/servers/dns/pdns-recursor/default.nix b/pkgs/servers/dns/pdns-recursor/default.nix index 3e62d520be9..d3b440f1d09 100644 --- a/pkgs/servers/dns/pdns-recursor/default.nix +++ b/pkgs/servers/dns/pdns-recursor/default.nix @@ -23,7 +23,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--enable-reproducible" - "--with-systemd" + "--enable-systemd" ]; enableParallelBuilding = true; From 1627bef9c14800e1cf3c3d4d2668865575447267 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 17 Oct 2020 17:59:18 -0400 Subject: [PATCH 2/4] nixos/pdns-recursor: use upstream systemd unit --- .../services/networking/pdns-recursor.nix | 51 +++++++------------ 1 file changed, 17 insertions(+), 34 deletions(-) diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix index 6ff181377fc..adbc7661f65 100644 --- a/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixos/modules/services/networking/pdns-recursor.nix @@ -3,9 +3,6 @@ with lib; let - dataDir = "/var/lib/pdns-recursor"; - username = "pdns-recursor"; - cfg = config.services.pdns-recursor; oneOrMore = type: with types; either type (listOf type); @@ -21,7 +18,7 @@ let else if builtins.isList val then (concatMapStringsSep "," serialize val) else ""; - configFile = pkgs.writeText "recursor.conf" + configDir = pkgs.writeTextDir "recursor.conf" (concatStringsSep "\n" (flip mapAttrsToList cfg.settings (name: val: "${name}=${serialize val}"))); 
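Review bot: `configDir` in pdns-recursor.nix (hunk `@@ -21,7 +18,7 @@`) is built with `pkgs.writeTextDir`, so every value in `cfg.settings` is rendered into the Nix store, which is readable by all local users, and the new `--config-dir=${configDir}` points the daemon straight at it. If an operator puts a credential there (for example the recursor's `api-key`), it is exposed to every account on the host. I would add a comment at the binding, `# rendered into the world-readable Nix store; keep secrets out of services.pdns-recursor.settings`, and repeat that caveat in the option description. The `let` block continues outside the hunk.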
@@ -173,45 +170,31 @@ in { serve-rfc1918 = cfg.serveRFC1918; lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig; + daemon = false; + write-pid = false; log-timestamp = false; disable-syslog = true; }; - users.users.${username} = { - home = dataDir; - createHome = true; + systemd.packages = [ pkgs.pdns-recursor ]; + + systemd.services.pdns-recursor = { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ]; + }; + }; + + users.users.pdns-recursor = { + isSystemUser = true; + group = "pdns-recursor"; uid = config.ids.uids.pdns-recursor; description = "PowerDNS Recursor daemon user"; }; - systemd.services.pdns-recursor = { - unitConfig.Documentation = "man:pdns_recursor(1) man:rec_control(1)"; - description = "PowerDNS recursive server"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + users.groups.pdns-recursor = {}; - serviceConfig = { - User = username; - Restart ="on-failure"; - RestartSec = "5"; - PrivateTmp = true; - PrivateDevices = true; - AmbientCapabilities = "cap_net_bind_service"; - ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \ - --config-dir=${dataDir} \ - --socket-dir=${dataDir} - ''; - }; - - preStart = '' - # Link configuration file into recursor home directory - configPath=${dataDir}/recursor.conf - if [ "$(realpath $configPath)" != "${configFile}" ]; then - rm -f $configPath - ln -s ${configFile} $configPath - fi - ''; - }; }; imports = [ From 6c39180b3784b543272b6056b8d92d402b1085cf Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sat, 17 Oct 2020 17:59:45 -0400 Subject: [PATCH 3/4] nixos/pdns-recursor: declare module user as system user --- nixos/modules/misc/ids.nix | 2 +- nixos/modules/services/networking/pdns-recursor.nix | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 81d5d04fa5e..cd21a1609c9 100644 
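Review bot: With the explicit `serviceConfig` removed in pdns-recursor.nix, nothing visible in this module binds the service to the `pdns-recursor` account it still creates, and `User`, `PrivateTmp`, `PrivateDevices` and the `cap_net_bind_service` grant are gone from the module. Presumably the upstream unit pulled in through `systemd.packages` supplies these, but the diff does not show that file, so a later upstream change could silently alter the account or the sandboxing. I would pin the identity next to the `ExecStart` override with `User = "pdns-recursor";` and `Group = "pdns-recursor";`, or at least add a comment there stating that privilege drop and hardening come from the packaged unit. The enclosing `config` block starts outside the hunk.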
--- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -297,7 +297,7 @@ in headphones = 266; couchpotato = 267; gogs = 268; - pdns-recursor = 269; + #pdns-recursor = 269; # dynamically allocated as of 2020-20-18 #kresd = 270; # switched to "knot-resolver" with dynamic ID rpc = 271; geoip = 272; diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix index adbc7661f65..a326eccfd65 100644 --- a/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixos/modules/services/networking/pdns-recursor.nix @@ -189,7 +189,6 @@ in { users.users.pdns-recursor = { isSystemUser = true; group = "pdns-recursor"; - uid = config.ids.uids.pdns-recursor; description = "PowerDNS Recursor daemon user"; }; From dc790c104cc8e0084d8697b271ef64767aa4457f Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Sun, 18 Oct 2020 08:26:35 -0400 Subject: [PATCH 4/4] nixos/pdns-recursor: add release notes --- nixos/doc/manual/release-notes/rl-2103.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index fb1d50434b8..c160ab5783d 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -93,6 +93,12 @@ kicad/default.nix. + + + The socket for the pdns-recursor module was moved from /var/lib/pdns-recursor + to /run/pdns-recursor to match upstream. + +
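Review bot: The comment added in ids.nix (hunk `@@ -297,7 +297,7 @@`) carries an impossible date, `2020-20-18`; the patch dates in this series suggest 2020-10-18, so the line should read `#pdns-recursor = 269; # dynamically allocated as of 2020-10-18`. Since the uid is no longer fixed, the release note could also say whether anything left under /var/lib/pdns-recursor by the old unit needs cleanup or re-owning; that cannot be judged from these hunks. The enclosing attribute set extends beyond the hunk.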