Loading nixos/modules/system/boot/resolved.nix +67 −22 Original line number Diff line number Diff line Loading @@ -10,11 +10,13 @@ let inherit (utils.systemdUtils.unitOptions) unitOption; inherit (lib) concatStringsSep elem isList literalExpression mkIf mkMerge mkOption mkOptionDefault mkOrder mkRenamedOptionModule mkRemovedOptionModule Loading @@ -26,7 +28,25 @@ let dnsmasqResolve = config.services.dnsmasq.enable && config.services.dnsmasq.resolveLocalQueries; resolvedConf = settingsToSections cfg.settings; transformSettings = settings: lib.mapAttrs ( key: value: # concat lists for options that should result in space-separated values if elem key [ "DNS" "Domains" "FallbackDNS" ] && isList value then concatStringsSep " " value else value ) settings; resolvedConf = settingsToSections (transformSettings cfg.settings); in { imports = [ Loading Loading 
@@ -60,22 +80,56 @@ in options = { services.resolved = { enable = lib.mkEnableOption "the Systemd DNS resolver daemon (systemd-resolved)"; settings.Resolve = mkOption { description = '' Settings option for systemd-resolved. See {manpage}`resolved.conf(5)` for all available options. ''; # Remember to keep this in sync to the actual settings at the bottom of the page. defaultText = literalExpression '' { DNS = config.networking.nameservers; DNSOverTLS = false; DNSSEC = false; Domains = config.networking.search; LLMNR = true; } default = { }; type = types.submodule { freeformType = types.attrsOf unitOption; options = { DNS = mkOption { type = unitOption; default = config.networking.nameservers; defaultText = literalExpression "config.networking.nameservers"; description = '' List of IP addresses to query as recursive DNS resolvers. ''; }; DNSOverTLS = mkOption { type = unitOption; default = false; description = '' Whether to use TLS encryption for DNS queries. Requires nameservers that support DNS-over-TLS. ''; type = types.attrsOf unitOption; }; DNSSEC = mkOption { type = unitOption; default = false; description = '' Whether to validate DNSSEC for DNS lookups. ''; }; Domains = mkOption { type = unitOption; default = config.networking.search; defaultText = literalExpression "config.networking.search"; example = [ "scope.example.com" "example.com" ]; description = '' List of search domains used to complete unqualified name lookups. ''; }; }; }; }; }; Loading @@ -101,15 +155,6 @@ in } ]; # If updating any of these attrs, also update the defaultText above. services.resolved.settings.Resolve = { DNS = config.networking.nameservers; DNSOverTLS = mkOptionDefault false; DNSSEC = mkOptionDefault false; Domains = mkOptionDefault config.networking.search; LLMNR = mkOptionDefault true; }; users.users.systemd-resolve.group = "systemd-resolve"; # add resolve to nss hosts database if enabled and nscd enabled Loading Loading
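Review bot: `transformSettings` in the second hunk looks like a no-op as written. It maps over the top level of `cfg.settings`, where the keys are section names such as `Resolve` (the option is declared as `settings.Resolve`), so `elem key [ "DNS" "Domains" "FallbackDNS" ]` never matches and list values reach `settingsToSections` unjoined. If space-separated values are the intent, the check has to run one level down, for example by wrapping the existing lambda as `lib.mapAttrs (_section: lib.mapAttrs (key: value: …)) settings`. This assumes `cfg` is `config.services.resolved`, which is bound outside the visible hunks. A module test that sets `Domains` to a list and inspects the generated resolved.conf would confirm the behaviour either way.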
nixos/modules/system/boot/resolved.nix +67 −22 Original line number Diff line number Diff line Loading @@ -10,11 +10,13 @@ let inherit (utils.systemdUtils.unitOptions) unitOption; inherit (lib) concatStringsSep elem isList literalExpression mkIf mkMerge mkOption mkOptionDefault mkOrder mkRenamedOptionModule mkRemovedOptionModule Loading @@ -26,7 +28,25 @@ let dnsmasqResolve = config.services.dnsmasq.enable && config.services.dnsmasq.resolveLocalQueries; resolvedConf = settingsToSections cfg.settings; transformSettings = settings: lib.mapAttrs ( key: value: # concat lists for options that should result in space-separated values if elem key [ "DNS" "Domains" "FallbackDNS" ] && isList value then concatStringsSep " " value else value ) settings; resolvedConf = settingsToSections (transformSettings cfg.settings); in { imports = [ Loading Loading 
@@ -60,22 +80,56 @@ in options = { services.resolved = { enable = lib.mkEnableOption "the Systemd DNS resolver daemon (systemd-resolved)"; settings.Resolve = mkOption { description = '' Settings option for systemd-resolved. See {manpage}`resolved.conf(5)` for all available options. ''; # Remember to keep this in sync to the actual settings at the bottom of the page. defaultText = literalExpression '' { DNS = config.networking.nameservers; DNSOverTLS = false; DNSSEC = false; Domains = config.networking.search; LLMNR = true; } default = { }; type = types.submodule { freeformType = types.attrsOf unitOption; options = { DNS = mkOption { type = unitOption; default = config.networking.nameservers; defaultText = literalExpression "config.networking.nameservers"; description = '' List of IP addresses to query as recursive DNS resolvers. ''; }; DNSOverTLS = mkOption { type = unitOption; default = false; description = '' Whether to use TLS encryption for DNS queries. Requires nameservers that support DNS-over-TLS. ''; type = types.attrsOf unitOption; }; DNSSEC = mkOption { type = unitOption; default = false; description = '' Whether to validate DNSSEC for DNS lookups. ''; }; Domains = mkOption { type = unitOption; default = config.networking.search; defaultText = literalExpression "config.networking.search"; example = [ "scope.example.com" "example.com" ]; description = '' List of search domains used to complete unqualified name lookups. ''; }; }; }; }; }; Loading @@ -101,15 +155,6 @@ in } ]; # If updating any of these attrs, also update the defaultText above. services.resolved.settings.Resolve = { DNS = config.networking.nameservers; DNSOverTLS = mkOptionDefault false; DNSSEC = mkOptionDefault false; Domains = mkOptionDefault config.networking.search; LLMNR = mkOptionDefault true; }; users.users.systemd-resolve.group = "systemd-resolve"; # add resolve to nss hosts database if enabled and nscd enabled Loading
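Review bot: The new `DNSOverTLS` and `DNSSEC` descriptions in the options hunk read as plain booleans ("Whether to …"), but both are typed `unitOption`, and resolved.conf(5) also accepts `opportunistic` for DNSOverTLS and `allow-downgrade` for DNSSEC. Those modes fall back when the upstream server does not cooperate, so they give no guarantee against an on-path party; the descriptions should list the accepted values and state that only `true` enforces the protection. For DNSOverTLS I would add a sentence such as `Accepts true, false or "opportunistic"; opportunistic mode falls back to unencrypted DNS and can be downgraded.`, with the matching sentence about `"allow-downgrade"` on DNSSEC. Both defaults remain `false`, matching the `mkOptionDefault false` lines in the last hunk, so this concerns documentation only.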