author | Vladimír Čunát <vcunat@gmail.com> | 2018-01-09 17:26:31 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2018-01-09 17:26:31 +0100 |
commit | d6bf8eb71b4e9cbf0aa995449ceb55396e1f6d38 (patch) | |
tree | cb34c3bdaae2ead4383ec68fd9bd3482baf628f0 /nixos | |
parent | f607771d0f5e4fa905afff1c772febd9f3103e1a (diff) | |
parent | 4bc4c0883885f170d08ad47a8019bde7209d10f4 (diff) |
Merge #33614: nixos/kresd improvements
The PR was extended with other fixes. All tested by me atop 17.09.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/kresd.nix | 21 |
1 files changed, 6 insertions, 15 deletions
diff --git a/nixos/modules/services/networking/kresd.nix b/nixos/modules/services/networking/kresd.nix
index 18e2ab9aebf10..011a9b2f58ea0 100644
--- a/nixos/modules/services/networking/kresd.nix
+++ b/nixos/modules/services/networking/kresd.nix
@@ -72,6 +72,7 @@ in
 (iface: if elem ":" (stringToCharacters iface) then "[${iface}]:53" else "${iface}:53")
 cfg.interfaces;
 socketConfig.ListenDatagram = listenStreams;
+ socketConfig.FreeBind = true;
 };
 systemd.sockets.kresd-control = rec {
@@ -82,20 +83,11 @@ in
 socketConfig = {
 FileDescriptorName = "control";
 Service = "kresd.service";
- SocketMode = "0660"; # only root user/group may connect
+ SocketMode = "0660"; # only root user/group may connect and control kresd
 };
 };
- # Create the cacheDir; tmpfiles don't work on nixos-rebuild switch.
- systemd.services.kresd-cachedir = {
- serviceConfig.Type = "oneshot";
- script = ''
- if [ ! -d '${cfg.cacheDir}' ]; then
- mkdir -p '${cfg.cacheDir}'
- chown kresd:kresd '${cfg.cacheDir}'
- fi
- '';
- };
+ systemd.tmpfiles.rules = [ "d '${cfg.cacheDir}' 0770 kresd kresd - -" ];
 systemd.services.kresd = {
 description = "Knot-resolver daemon";
@@ -104,16 +96,15 @@ in
 User = "kresd";
 Type = "notify";
 WorkingDirectory = cfg.cacheDir;
+ Restart = "on-failure";
 };
 script = ''
 exec '${package}/bin/kresd' --config '${configFile}' \
- -k '${cfg.cacheDir}/root.key'
+ -k '${pkgs.dns-root-data}/root.key'
 '';
- after = [ "kresd-cachedir.service" ];
- requires = [ "kresd.socket" "kresd-cachedir.service" ];
- wantedBy = [ "sockets.target" ];
+ requires = [ "kresd.socket" ];
 };
 };
 } |
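Review bot: `socketConfig.FreeBind = true;` in the first hunk has no comment saying why it is needed, and it changes a failure mode. With FreeBind the socket unit can bind to an address that is not configured on the host, so a mistyped entry in `cfg.interfaces` will presumably no longer fail when the socket starts. A comment such as `# FreeBind: allow binding before the address is assigned; a wrong address will not produce an error` would record that trade-off. The `systemd.sockets.kresd` block starts above the hunk.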
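Review bot: The tmpfiles rule in the second hunk creates `cfg.cacheDir` with mode `0770`, which gives every member of the `kresd` group write access to the resolver's cache directory. Unless group write is actually needed, a tighter mode keeps the cache writable only by the daemon user: `systemd.tmpfiles.rules = [ "d '${cfg.cacheDir}' 0750 kresd kresd - -" ];`. The removed comment said tmpfiles do not work on `nixos-rebuild switch`, and the new line does not say why that no longer applies, so a short comment there would help. `kresd.service` still uses this path as `WorkingDirectory` and, as far as the hunks show, has no explicit ordering on the directory's creation.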
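Review bot: Pointing `-k` at `'${pkgs.dns-root-data}/root.key'` in the third hunk makes the DNSSEC trust anchor a read-only store path, where the old one lived in the writable cache directory. If kresd treats the `-k` file as a managed anchor that it rewrites on a key rollover (not visible from this diff), those writes can no longer succeed and the anchor only changes when the `dns-root-data` package is updated. A comment on that line, e.g. `# trust anchor is read-only here; it is refreshed only by updating pkgs.dns-root-data`, would make the dependency explicit. The `systemd.services.kresd` block starts above the hunk.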