diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 485138e1ff3..a4dcad4b17f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -386,6 +386,7 @@ ./services/networking/ostinato.nix ./services/networking/pdnsd.nix ./services/networking/polipo.nix + ./services/networking/powerdns.nix ./services/networking/pptpd.nix ./services/networking/prayer.nix ./services/networking/privoxy.nix diff --git a/nixos/modules/services/networking/powerdns.nix b/nixos/modules/services/networking/powerdns.nix new file mode 100644 index 00000000000..91ad63b8813 --- /dev/null +++ b/nixos/modules/services/networking/powerdns.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.powerdns; + configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}"; +in { + options = { + services.powerdns = { + enable = mkEnableOption "Powerdns domain name server"; + + extraConfig = mkOption { + type = types.lines; + default = "launch=bind"; + description = '' + Extra lines to be added verbatim to pdns.conf. + Powerdns will chroot to /var/lib/powerdns. + So any file, powerdns is supposed to be read, + should be in /var/lib/powerdns and needs to specified + relative to the chroot. + ''; + }; + }; + }; + + config = mkIf config.services.powerdns.enable { + systemd.services.pdns = { + unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)"; + description = "Powerdns name server"; + wantedBy = [ "multi-user.target" ]; + after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"]; + + serviceConfig = { + Restart="on-failure"; + RestartSec="1"; + StartLimitInterval="0"; + PrivateTmp=true; + PrivateDevices=true; + CapabilityBoundingSet="CAP_CHOWN CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT"; + NoNewPrivileges=true; + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/lib/powerdns"; + ExecStart = "${pkgs.powerdns}/bin/pdns_server --setuid=nobody --setgid=nogroup --chroot=/var/lib/powerdns --socket-dir=/ --daemon=no --guardian=no --disable-syslog --write-pid=no --config-dir=${configDir}"; + ProtectSystem="full"; + ProtectHome=true; + RestrictAddressFamilies="AF_UNIX AF_INET AF_INET6"; + }; + }; + }; +} diff --git a/pkgs/servers/dns/powerdns/default.nix b/pkgs/servers/dns/powerdns/default.nix new file mode 100644 index 00000000000..63cd71e146b --- /dev/null +++ b/pkgs/servers/dns/powerdns/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, pkgconfig, + boost, libyamlcpp, libsodium, sqlite, protobuf, + libmysql, postgresql, lua, openldap, geoip, curl +}: + +stdenv.mkDerivation rec { + name = "powerdns-${version}"; + version = "4.0.1"; + + src = fetchurl { + url = "http://downloads.powerdns.com/releases/pdns-${version}.tar.bz2"; + sha256 = "1mzdj5077cn6cip51sxknz5hx0cyqlsrix39b7l30i36lvafx4fi"; + }; + + buildInputs = [ boost libmysql postgresql lua openldap sqlite protobuf geoip libyamlcpp pkgconfig libsodium curl ]; + + # nix destroy with-modules arguments, when using configureFlags + preConfigure = '' + configureFlagsArray=( + "--with-modules=bind gmysql geoip gpgsql gsqlite3 ldap lua pipe random remote" + --with-sqlite3 + --with-socketdir=/var/lib/powerdns + --enable-libsodium + --enable-tools + --disable-dependency-tracking + --disable-silent-rules + --enable-reproducible + --enable-unit-tests + ) + ''; + checkPhase = "make check"; + + meta = with stdenv.lib; { + description = "Authoritative DNS server"; + homepage = http://www.powerdns.com/; + platforms = platforms.linux; + # cannot find postgresql libs on macos x + license = licenses.gpl2; + maintainers = [ maintainers.mic92 ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index aa610892a33..c464aa5d04b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -11668,6 +11668,8 @@ in policycoreutils = callPackage ../os-specific/linux/policycoreutils { }; + powerdns = callPackage ../servers/dns/powerdns { }; + powertop = callPackage ../os-specific/linux/powertop { }; prayer = callPackage ../servers/prayer { };