author | Will Fancher <elvishjerricco@gmail.com> | 2024-04-07 21:18:59 -0400 |
---|---|---|
committer | Will Fancher <elvishjerricco@gmail.com> | 2024-05-21 20:55:37 -0400 |
commit | 072054ccb5d8c73ee0cc75d37b3e5d16c33d2de4 (patch) | |
tree | 34be2e39d86baab47f406c1950ba66d20d42b608 /nixos/modules/system | |
parent | dd0ebdffcd90a9a1d33297f401a776c3b510509e (diff) |
nixos/systemd-stage-1: Support systemd-resolved
Diffstat (limited to 'nixos/modules/system')
-rw-r--r-- | nixos/modules/system/boot/resolved.nix | 64 |
1 files changed, 51 insertions, 13 deletions
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 2c9a7ddee4f6f..b658a7a2dc05e 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -7,6 +7,20 @@ let dnsmasqResolve = config.services.dnsmasq.enable && config.services.dnsmasq.resolveLocalQueries; + resolvedConf = '' + [Resolve] + ${optionalString (config.networking.nameservers != []) + "DNS=${concatStringsSep " " config.networking.nameservers}"} + ${optionalString (cfg.fallbackDns != null) + "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"} + ${optionalString (cfg.domains != []) + "Domains=${concatStringsSep " " cfg.domains}"} + LLMNR=${cfg.llmnr} + DNSSEC=${cfg.dnssec} + DNSOverTLS=${cfg.dnsovertls} + ${config.services.resolved.extraConfig} + ''; + in { @@ -126,6 +140,15 @@ in ''; }; + boot.initrd.services.resolved.enable = mkOption { + default = config.boot.initrd.systemd.network.enable; + defaultText = "config.boot.initrd.systemd.network.enable"; + description = '' + Whether to enable resolved for stage 1 networking. + Uses the toplevel 'services.resolved' options for 'resolved.conf' + ''; + }; + }; config = mkMerge [ @@ -155,19 +178,7 @@ in }; environment.etc = { - "systemd/resolved.conf".text = '' - [Resolve] - ${optionalString (config.networking.nameservers != []) - "DNS=${concatStringsSep " " config.networking.nameservers}"} - ${optionalString (cfg.fallbackDns != null) - "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"} - ${optionalString (cfg.domains != []) - "Domains=${concatStringsSep " " cfg.domains}"} - LLMNR=${cfg.llmnr} - DNSSEC=${cfg.dnssec} - DNSOverTLS=${cfg.dnsovertls} - ${config.services.resolved.extraConfig} - ''; + "systemd/resolved.conf".text = resolvedConf; # symlink the dynamic stub resolver of resolv.conf as recommended by upstream: # https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf 
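Review bot: `resolvedConf` carries no comment saying it now has two consumers, so a later edit to this template would silently change name resolution in stage 1 as well as in the running system. A one-line comment above the binding would cover it: `# Rendered to /etc/systemd/resolved.conf in both stage 2 and the systemd initrd; keep it valid for both.` The last template line still reads `config.services.resolved.extraConfig` while the others use `cfg`; `cfg.extraConfig` would be consistent, assuming `cfg` is `config.services.resolved` (its definition is outside the hunk).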
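Review bot: The new `boot.initrd.services.resolved.enable` option is declared without a `type`, so the module system will not reject a non-boolean value before it reaches `mkIf`. Adding `type = types.bool;` fixes that, assuming `types` is in scope the same way `mkOption` is. `defaultText` is a bare string and would render more accurately as `defaultText = literalExpression "config.boot.initrd.systemd.network.enable";`. The description could also state that the stage 1 `resolved.conf` inherits `dnssec`, `dnsovertls` and `extraConfig` from `services.resolved`, since those settings decide how stage 1 lookups are validated. The surrounding options set starts outside the hunk.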
@@ -183,6 +194,33 @@ in }) + (mkIf config.boot.initrd.services.resolved.enable { + + assertions = [ + { + assertion = config.boot.initrd.systemd.enable; + message = "'boot.initrd.services.resolved.enable' can only be enabled with systemd stage 1."; + } + ]; + + boot.initrd.systemd = { + contents = { + "/etc/tmpfiles.d/resolv.conf".text = + "L /etc/resolv.conf - - - - /run/systemd/resolve/stub-resolv.conf"; + "/etc/systemd/resolved.conf".text = resolvedConf; + }; + + additionalUpstreamUnits = ["systemd-resolved.service"]; + users.systemd-resolve = {}; + groups.systemd-resolve = {}; + storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/systemd-resolved"]; + services.systemd-resolved = { + wantedBy = ["sysinit.target"]; + aliases = [ "dbus-org.freedesktop.resolve1.service" ]; + }; + }; + + }) ]; } |
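Review bot: The initrd gets the same `resolvedConf` as stage 2, including `DNSOverTLS=${cfg.dnsovertls}`, yet the only store path added in this block is the `systemd-resolved` binary. If strict DNS-over-TLS needs a CA bundle to verify the upstream server, nothing visible here places one in the initrd, so stage 1 lookups would presumably fail under that setting. That fails closed, but because the file is shared it nudges users toward relaxing the setting for the whole system. A stage 1 test with `services.resolved.dnsovertls = "true"`, or an assertion or a sentence in the option description, would make the behaviour explicit. The enclosing `mkMerge` list starts outside the hunk.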