nixos/trust-dns: init

[uninsane]

Description of changes

trust-dns is a DNS server, much like BIND but a more recent effort claimed to be "security first". the trust-dns package was added to nixpkgs in January 2023: #205866. this PR adds a services.trust-dns module to facilitate running trust-dns as a systemd service. management of .zone files is left to the user; for those coming from BIND, your zone files should be drop-in compatible with trust-dns.

example config:

services.trust-dns.enable = true;
services.trust-dns.settings.listen_addrs_ipv4 = [ "127.0.0.1" ];
services.trust-dns.settings.directory = "/var/trust-dns";
services.trust-dns.zones = [ "example.com" ];
# then populate `/var/trust-dns/example.com.zone` with your zone file
# e.g. <https://github.com/bluejekyll/trust-dns/blob/main/tests/test-data/test_configs/example.com.zone>

this module tries to be unopinionated, mostly just exposing configuration options as defined and named by upstream. this module as it appears here is the same module which currently serves the uninsane.org domain.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.11 Release Notes (or backporting 23.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[uninsane]

@happysalada you expressed interest in this module a while back, so pinging you in case that's still true. and if you've any suggestions on the documentation side of things (or usability more generally) i'd be happy to act on them.

[happysalada]

hey, this is looking really good.
I've made some comments.
Note that I don't have very strong opinions on any of them.
Right this minute my linux machine is down, but I should be able to test this soon.

[happysalada]

I'm personally good to merge, let me know if you want to do more work on this or if you want to wait for anything.

[uninsane]

I'm personally good to merge, let me know if you want to do more work on this or if you want to wait for anything.

i don't have any more work planned for this, so sounds fine to me. i'd like to be around to field other PRs/issues anyone has with the module after it's merged though: is there a facility like the meta.maintainers property used in packaging that i should use for that?

[happysalada]

yes there is, it's also called meta.maintainers
have a look at the lemmy.nix file.

[uninsane]

yes there is, it's also called meta.maintainers have a look at the lemmy.nix file.

just pushed a commit that adds meta.maintainers, thanks for the info!