diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix index fd1e55f673ae..136a5bda7459 100644 --- a/nixos/modules/config/networking.nix +++ b/nixos/modules/config/networking.nix @@ -7,6 +7,9 @@ with lib; let cfg = config.networking; + dnsmasqResolve = config.services.dnsmasq.enable && + config.services.dnsmasq.resolveLocalQueries; + hasLocalResolver = config.services.bind.enable || dnsmasqResolve; in @@ -74,9 +77,12 @@ in '' + optionalString cfg.dnsSingleRequest '' # only send one DNS request at a time resolv_conf_options='single-request' - '' + optionalString config.services.bind.enable '' + '' + optionalString hasLocalResolver '' # This hosts runs a full-blown DNS resolver. name_servers='127.0.0.1' + '' + optionalString dnsmasqResolve '' + dnsmasq_conf=/etc/dnsmasq-conf.conf + dnsmasq_resolv=/etc/dnsmasq-resolv.conf ''; }; diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 92ab241deaa1..513da5d50a18 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -148,6 +148,7 @@ riemanndash = 138; radvd = 139; zookeeper = 140; + dnsmasq = 141; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix index 8e38b9d017a3..d2a8af6ac8b1 100644 --- a/nixos/modules/services/networking/dnsmasq.nix +++ b/nixos/modules/services/networking/dnsmasq.nix @@ -6,10 +6,12 @@ let cfg = config.services.dnsmasq; dnsmasq = pkgs.dnsmasq; - serversParam = concatMapStrings (s: "-S ${s} ") cfg.servers; - dnsmasqConf = pkgs.writeText "dnsmasq.conf" '' - ${cfg.extraConfig} + ${optionalString cfg.resolveLocalQueries '' + conf-file=/etc/dnsmasq-conf.conf + resolv-file=/etc/dnsmasq-resolv.conf + ''} + ${cfg.extraConfig} ''; in @@ -29,6 +31,14 @@ in ''; }; + resolveLocalQueries = mkOption { + default = true; + description = '' + Whether dnsmasq should resolve local queries (i.e. add 127.0.0.1 to + /etc/resolv.conf) + ''; + }; + servers = mkOption { default = []; example = [ "8.8.8.8" "8.8.4.4" ]; @@ -37,6 +47,8 @@ in ''; }; + + extraConfig = mkOption { type = types.string; default = ""; @@ -55,16 +67,31 @@ in config = mkIf config.services.dnsmasq.enable { - jobs.dnsmasq = - { description = "dnsmasq daemon"; + environment.systemPackages = [ dnsmasq ] + ++ (if cfg.resolveLocalQueries then [ pkgs.openresolv ] else []); - startOn = "ip-up"; + services.dbus.packages = [ dnsmasq ]; - daemonType = "daemon"; - - exec = "${dnsmasq}/bin/dnsmasq -R ${serversParam} -o -C ${dnsmasqConf}"; + users.extraUsers = singleton + { name = "dnsmasq"; + uid = config.ids.uids.dnsmasq; + description = "Dnsmasq daemon user"; + home = "/var/empty"; }; + systemd.services.dnsmasq = { + description = "dnsmasq daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "dbus"; + BusName = "uk.org.thekelleys.dnsmasq"; + ExecStartPre = "${dnsmasq}/bin/dnsmasq --test"; + ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}"; + ExecReload = "${dnsmasq}/bin/kill -HUP $MAINPID"; + }; + }; + }; } diff --git a/pkgs/tools/networking/dnsmasq/default.nix b/pkgs/tools/networking/dnsmasq/default.nix index cec4057a284f..02f24ce4c003 100644 --- a/pkgs/tools/networking/dnsmasq/default.nix +++ b/pkgs/tools/networking/dnsmasq/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl }: +{ pkgconfig, dbus_libs, nettle, stdenv, fetchurl }: stdenv.mkDerivation rec { name = "dnsmasq-2.71"; @@ -8,13 +8,35 @@ stdenv.mkDerivation rec { sha256 = "1fpzpzja7qr8b4kfdhh4i4sijp62c634yf0xvq2n4p7d5xbzn6a9"; }; + # Can't rely on make flags because of space in one of the parameters + buildPhase = '' + make COPTS="-DHAVE_DNSSEC -DHAVE_DBUS" + ''; + + # make flags used for installation only makeFlags = "DESTDIR= BINDIR=$(out)/bin MANDIR=$(out)/man LOCALEDIR=$(out)/share/locale"; - meta = { + postInstall = '' + install -Dm644 dbus/dnsmasq.conf $out/etc/dbus-1/system.d/dnsmasq.conf + install -Dm644 trust-anchors.conf $out/share/dnsmasq/trust-anchors.conf + + ensureDir $out/share/dbus-1/system-services + cat < $out/share/dbus-1/system-services/uk.org.thekelleys.dnsmasq.service + [D-BUS Service] + Name=uk.org.thekelleys.dnsmasq + Exec=$out/sbin/dnsmasq -k -1 + User=root + SystemdService=dnsmasq.service + END + ''; + + buildInputs = [ pkgconfig dbus_libs nettle ]; + + meta = with stdenv.lib; { description = "An integrated DNS, DHCP and TFTP server for small networks"; homepage = http://www.thekelleys.org.uk/dnsmasq/doc.html; - license = "GPL"; - platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin; - maintainers = [ stdenv.lib.maintainers.eelco ]; + license = licenses.gpl2; + platforms = with platforms; linux ++ darwin; + maintainers = with maintainers; [ eelco ]; }; }