integrated meshnamed with systemd-resolved
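--- a/<nixos-test-path-not-shown>
+++ b/<nixos-test-path-not-shown>
@@ -14,7 +14,7 @@
 testScript = ''
 start_all()
 machine.wait_for_unit("meshnamed")
-out = machine.succeed("${pkgs.dnsutils}/bin/dig -p 53535 AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @localhost +short")
+out = machine.succeed("${pkgs.dnsutils}/bin/dig AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @meshnamed +short")
 print(out)
 assert out.strip() == "fd43:7def:4b50:28d0:4e99:9347:3035:17ef"
 '';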
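Review bot: The changed dig line still talks to meshnamed directly — `@meshnamed` is only the `networking.extraHosts` alias of the bind address — so the systemd-resolved path this commit introduces (the `DNS=`/`Domains=~` routing) is never exercised by the test. Going through the stub resolver would cover it, e.g. `machine.wait_for_unit("systemd-resolved")`, then `out = machine.succeed("resolvectl query -t AAAA foo.7vbx332lkaunatuzsndtanix54.vpn")` and `assert "fd43:7def:4b50:28d0:4e99:9347:3035:17ef" in out`. Keeping the direct dig query as well is useful, since it separates a meshnamed failure from a resolver routing failure. The testScript string is complete within the hunk; the surrounding test attribute set is not shown.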
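--- a/<nixos-module-path-not-shown>
+++ b/<nixos-module-path-not-shown>
@@ -1,4 +1,7 @@
 { config, lib, pkgs, ... }:
+let
+localAddress = "fd66:29e9:f422:8dfe:beba:68ec:bd09:7876";
+in
 {
 options.clan.networking.meshnamed = {
 enable = (lib.mkEnableOption "meshnamed") // {
@@ -28,6 +31,24 @@
 };
 };
 config = lib.mkIf config.clan.networking.meshnamed.enable {
+# we assign this random source address to bind meshnamed to.
+systemd.network.networks.loopback-addresses = {
+matchConfig.Name = "lo";
+networkConfig.Address = [ localAddress ];
+};
+
+
+services.resolved.extraConfig = ''
+[Resolve]
+DNS=${localAddress}
+Domains=~${lib.concatMapStringsSep " " (network: network.name) (builtins.attrValues config.clan.networking.meshnamed.networks)}
+'';
+
+# for convience, so we can debug with dig
+networking.extraHosts = ''
+${localAddress} meshnamed
+'';
+
 systemd.services.meshnamed =
 let
 networks = lib.concatMapStringsSep "," (network: "${network.name}=${network.subnet}")
@@ -38,7 +59,10 @@
 after = [ "network.target" ];
 serviceConfig = {
 Type = "simple";
-ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks}";
+ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks} -listenaddr [${localAddress}]:53";
+
+# to bind port 53
+AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
 DynamicUser = true;
 };
 };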
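Review bot: The new `-listenaddr [${localAddress}]:53` binds to an address that only exists once systemd-networkd has applied the new `loopback-addresses` unit, while the service still orders only `after = [ "network.target" ]`, which does not wait for address assignment; unless meshnamed sets IP_FREEBIND (not visible here) the bind can fail with EADDRNOTAVAIL on boot. Ordering after networkd and retrying closes the race: `after = [ "systemd-networkd.service" "network.target" ];` and `serviceConfig.Restart = "on-failure";`. A second point in the resolved hunk: if I read resolved.conf(5) correctly, a global `DNS=` server is also a candidate for queries outside the `Domains=~` routing domains, so meshnamed may receive non-mesh lookups; `resolvectl status` after the change would confirm, and a per-link `DNS=` on `lo` would scope it to the mesh domains. Finally, with an empty `networks` set the line degenerates to `Domains=~`, which resolved is likely to reject, so an `assertions` entry requiring at least one network would fail with a clearer message. The `config` attribute set and the `systemd.services.meshnamed` definition both continue outside the hunks.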