kresd: Unified listen declarations
Deprecates the interfaces option, which was used to generate a host:port list in which the port was always hardcoded to 53. This unifies the listen configuration for plain and TLS sockets and allows specifying a port without an address for wildcard binds.
parent
b443abf914
commit
f886a14dbd
2 changed files with 25 additions and 8 deletions
|
@ -251,6 +251,14 @@
|
||||||
in container config.
|
in container config.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
<listitem>
|
||||||
|
<para>
|
||||||
|
The <literal>kresd</literal> services deprecates the <literal>interfaces</literal> option
|
||||||
|
in favor of the <literal>listenPlain</literal> option which requires full
|
||||||
|
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.socket.html#ListenStream=">systemd.socket compatible</link>
|
||||||
|
declaration which always include a port.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
</itemizedlist>
|
</itemizedlist>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,17 @@ in
|
||||||
{
|
{
|
||||||
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
meta.maintainers = [ maintainers.vcunat /* upstream developer */ ];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
(mkChangedOptionModule [ "services" "kresd" "interfaces" ] [ "services" "kresd" "listenPlain" ]
|
||||||
|
(config:
|
||||||
|
let value = getAttrFromPath [ "services" "kresd" "interfaces" ] config;
|
||||||
|
in map
|
||||||
|
(iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53") # Syntax depends on being IPv6 or IPv4.
|
||||||
|
value
|
||||||
|
)
|
||||||
|
)
|
||||||
|
];
|
||||||
|
|
||||||
###### interface
|
###### interface
|
||||||
options.services.kresd = {
|
options.services.kresd = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
|
@ -39,11 +50,12 @@ in
|
||||||
Directory for caches. They are intended to survive reboots.
|
Directory for caches. They are intended to survive reboots.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
interfaces = mkOption {
|
listenPlain = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = [ "::1" "127.0.0.1" ];
|
default = [ "[::1]:53" "127.0.0.1:53" ];
|
||||||
description = ''
|
description = ''
|
||||||
What addresses the server should listen on. (UDP+TCP 53)
|
What addresses and ports the server should listen on.
|
||||||
|
For detailed syntax see ListenStream in man systemd.socket.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
listenTLS = mkOption {
|
listenTLS = mkOption {
|
||||||
|
@ -51,7 +63,7 @@ in
|
||||||
default = [];
|
default = [];
|
||||||
example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ];
|
example = [ "198.51.100.1:853" "[2001:db8::1]:853" "853" ];
|
||||||
description = ''
|
description = ''
|
||||||
Addresses on which kresd should provide DNS over TLS (see RFC 7858).
|
Addresses and ports on which kresd should provide DNS over TLS (see RFC 7858).
|
||||||
For detailed syntax see ListenStream in man systemd.socket.
|
For detailed syntax see ListenStream in man systemd.socket.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -76,10 +88,7 @@ in
|
||||||
systemd.sockets.kresd = rec {
|
systemd.sockets.kresd = rec {
|
||||||
wantedBy = [ "sockets.target" ];
|
wantedBy = [ "sockets.target" ];
|
||||||
before = wantedBy;
|
before = wantedBy;
|
||||||
listenStreams = map
|
listenStreams = cfg.listenPlain;
|
||||||
# Syntax depends on being IPv6 or IPv4.
|
|
||||||
(iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53")
|
|
||||||
cfg.interfaces;
|
|
||||||
socketConfig = {
|
socketConfig = {
|
||||||
ListenDatagram = listenStreams;
|
ListenDatagram = listenStreams;
|
||||||
FreeBind = true;
|
FreeBind = true;
|
||||||
|
|
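Review bot: The new `listenPlain` description drops the old "(UDP+TCP 53)" hint, yet `ListenDatagram = listenStreams;` in the last hunk still binds every entry for both UDP and TCP. Since the commit message says a bare port is now accepted for wildcard binds, an entry such as `"53"` would presumably make the recursive resolver reachable on all interfaces over both protocols, and the option text gives no hint of that. I would extend the description with `Each entry is bound for both TCP and UDP; a bare port such as "53" listens on all addresses, so keep the loopback defaults unless the resolver is meant to be reachable from the network.` and give `listenPlain` an `example` as `listenTLS` already has. The `systemd.sockets.kresd` block continues outside the last hunk, so any access restriction configured further down is not visible here.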