nixos/nixops-dns: init #34511
nixos/nixops-dns: init #34511
Conversation
| in | ||
|
|
||
| { | ||
| options = { |
There was a problem hiding this comment.
One more thing that needs to be considered - nixops database location. Current nixops-dns implementation will always look into current user home dir https://github.com/kamilchm/nixops-dns/blob/f6c3f79a09e649033b49e9403d654bdc1308612f/main.go#L20-L28
Do you have an idea how to make it usable in a system service?
There was a problem hiding this comment.
I've tried to address this via user option (The user the nixops-dns daemon should run as.) which propagates to serviceConfig User = cfg.user; bellow. Not sure about the group tho.
| ]; | ||
| extraConfig = '' | ||
| bind-interfaces | ||
| listen-address=127.0.0.1 |
There was a problem hiding this comment.
Would it not make more sense to set listenAddress to port 53 and give the service cap_net_bind_service capability to bind privileged ports? You can take a look at the caddy service on how to do this.
There was a problem hiding this comment.
To be able to still resolve internet domains via dnsmasq while only *.ops are forwarded to nixops-dns
There was a problem hiding this comment.
There should be an option to disable dnsmasq in the nixops-dns module to make it less opinionated. Also it is a sane default some other people maybe prefer to run unbound or knot-resolver instead.
There was a problem hiding this comment.
@Mic92 do you consider this a blocker or can it be added/iterated upon later?
There was a problem hiding this comment.
I'll update this to make dnsmasq setup an option (enabled by default).
sorki
force-pushed
the
nixops-dns-module
branch
from
c258f3c
to
cef80c3
Compare
Motivation for this change
More awesome NixOps experience.
Things done
build-use-sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)