| blob | bd8d08bc878cbd0280e6b0d87e4f30714c0426bb |
1 { config, lib, pkgs, ... }:
3 with lib;
5 let
6 cfg = config.services.powerdns;
7 configDir = pkgs.writeTextDir "pdns.conf" "${cfg.extraConfig}";
8 finalConfigDir = if cfg.secretFile == null then configDir else "/run/pdns";
9 in {
10 options = {
11 services.powerdns = {
12 enable = mkEnableOption "PowerDNS domain name server";
14 extraConfig = mkOption {
15 type = types.lines;
16 default = "launch=bind";
17 description = ''
18 PowerDNS configuration. Refer to
19 <https://doc.powerdns.com/authoritative/settings.html>
20 for details on supported values.
21 '';
22 };
24 secretFile = mkOption {
25 type = types.nullOr types.path;
26 default = null;
27 example = "/run/keys/powerdns.env";
28 description = ''
29 Environment variables from this file will be interpolated into the
30 final config file using envsubst with this syntax: `$ENVIRONMENT`
31 or `''${VARIABLE}`.
32 The file should contain lines formatted as `SECRET_VAR=SECRET_VALUE`.
33 This is useful to avoid putting secrets into the nix store.
34 '';
35 };
36 };
37 };
39 config = mkIf cfg.enable {
41 environment.etc.pdns.source = finalConfigDir;
43 systemd.packages = [ pkgs.pdns ];
45 systemd.services.pdns = {
46 wantedBy = [ "multi-user.target" ];
47 after = [ "network.target" "mysql.service" "postgresql.service" "openldap.service" ];
49 serviceConfig = {
50 EnvironmentFile = lib.optional (cfg.secretFile != null) cfg.secretFile;
51 ExecStartPre = lib.optional (cfg.secretFile != null)
52 (pkgs.writeShellScript "pdns-pre-start" ''
53 umask 077
54 ${pkgs.envsubst}/bin/envsubst -i "${configDir}/pdns.conf" > ${finalConfigDir}/pdns.conf
55 '');
56 ExecStart = [ "" "${pkgs.pdns}/bin/pdns_server --config-dir=${finalConfigDir} --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no" ];
57 };
58 };
60 users.users.pdns = {
61 isSystemUser = true;
62 group = "pdns";
63 description = "PowerDNS";
64 };
66 users.groups.pdns = {};
68 };
69 }