49 lines
1.1 KiB
Nix
49 lines
1.1 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
pkgs,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.my.networking.technitium-dns-server;
|
|
defaultPorts = config.services.technitium-dns-server.firewallTCPPorts.default;
|
|
in
|
|
{
|
|
options.my.networking.technitium-dns-server = {
|
|
enable = lib.mkEnableOption "Enable Technitium DNS Server";
|
|
dnsOverHttps = lib.mkEnableOption "Enable DNS over HTTPS";
|
|
adminPasswordFile = lib.mkOption {
|
|
type = lib.types.path;
|
|
default = "";
|
|
description = ''
|
|
Path to the file containing the admin password.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
# Disable internal DNS otherwise TCP .:53 is already in use. Breaks zone sync
|
|
services.resolved.enable = false;
|
|
|
|
services.technitium-dns-server = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
firewallTCPPorts = [
|
|
53
|
|
5380
|
|
53443
|
|
]
|
|
++ lib.optional cfg.dnsOverHttps 443;
|
|
firewallUDPPorts = [
|
|
53
|
|
67
|
|
];
|
|
};
|
|
|
|
systemd.services.technitium-dns-server.environment.DNS_SERVER_ADMIN_PASSWORD_FILE =
|
|
cfg.adminPasswordFile;
|
|
|
|
};
|
|
|
|
}
|