nixos/systemd-stage-1: Support systemd-resolved

author: Will Fancher <elvishjerricco@gmail.com> 2024-04-07 21:18:59 -0400
committer: Will Fancher <elvishjerricco@gmail.com> 2024-05-21 20:55:37 -0400
commit: 072054ccb5d8c73ee0cc75d37b3e5d16c33d2de4 (patch)
tree: 34be2e39d86baab47f406c1950ba66d20d42b608 /nixos/modules/system/boot/resolved.nix
parent: dd0ebdffcd90a9a1d33297f401a776c3b510509e (diff)
1 files changed, 51 insertions, 13 deletions
diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix
index 2c9a7ddee4f6..b658a7a2dc05 100644
--- a/nixos/modules/system/boot/resolved.nix
+++ b/nixos/modules/system/boot/resolved.nix
@@ -7,6 +7,20 @@ let
   dnsmasqResolve = config.services.dnsmasq.enable &&
                    config.services.dnsmasq.resolveLocalQueries;
 
+  resolvedConf = ''
+    [Resolve]
+    ${optionalString (config.networking.nameservers != [])
+      "DNS=${concatStringsSep " " config.networking.nameservers}"}
+    ${optionalString (cfg.fallbackDns != null)
+      "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"}
+    ${optionalString (cfg.domains != [])
+      "Domains=${concatStringsSep " " cfg.domains}"}
+    LLMNR=${cfg.llmnr}
+    DNSSEC=${cfg.dnssec}
+    DNSOverTLS=${cfg.dnsovertls}
+    ${config.services.resolved.extraConfig}
+  '';
+
 in
 {
 
@@ -126,6 +140,15 @@ in
       '';
     };
 
+    boot.initrd.services.resolved.enable = mkOption {
+      default = config.boot.initrd.systemd.network.enable;
+      defaultText = "config.boot.initrd.systemd.network.enable";
+      description = ''
+        Whether to enable resolved for stage 1 networking.
+        Uses the toplevel 'services.resolved' options for 'resolved.conf'
+      '';
+    };
+
   };
 
   config = mkMerge [
@@ -155,19 +178,7 @@ in
       };
 
       environment.etc = {
-        "systemd/resolved.conf".text = ''
-          [Resolve]
-          ${optionalString (config.networking.nameservers != [])
-            "DNS=${concatStringsSep " " config.networking.nameservers}"}
-          ${optionalString (cfg.fallbackDns != null)
-            "FallbackDNS=${concatStringsSep " " cfg.fallbackDns}"}
-          ${optionalString (cfg.domains != [])
-            "Domains=${concatStringsSep " " cfg.domains}"}
-          LLMNR=${cfg.llmnr}
-          DNSSEC=${cfg.dnssec}
-          DNSOverTLS=${cfg.dnsovertls}
-          ${config.services.resolved.extraConfig}
-        '';
+        "systemd/resolved.conf".text = resolvedConf;
 
         # symlink the dynamic stub resolver of resolv.conf as recommended by upstream:
         # https://www.freedesktop.org/software/systemd/man/systemd-resolved.html#/etc/resolv.conf
@@ -183,6 +194,33 @@ in
 
     })
 
+    (mkIf config.boot.initrd.services.resolved.enable {
+
+      assertions = [
+        {
+          assertion = config.boot.initrd.systemd.enable;
+          message = "'boot.initrd.services.resolved.enable' can only be enabled with systemd stage 1.";
+        }
+      ];
+
+      boot.initrd.systemd = {
+        contents = {
+          "/etc/tmpfiles.d/resolv.conf".text =
+            "L /etc/resolv.conf - - - - /run/systemd/resolve/stub-resolv.conf";
+          "/etc/systemd/resolved.conf".text = resolvedConf;
+        };
+
+        additionalUpstreamUnits = ["systemd-resolved.service"];
+        users.systemd-resolve = {};
+        groups.systemd-resolve = {};
+        storePaths = ["${config.boot.initrd.systemd.package}/lib/systemd/systemd-resolved"];
+        services.systemd-resolved = {
+          wantedBy = ["sysinit.target"];
+          aliases = [ "dbus-org.freedesktop.resolve1.service" ];
+        };
+      };
+
+    })
   ];
 
 }
author	Will Fancher <elvishjerricco@gmail.com>	2024-04-07 21:18:59 -0400
committer	Will Fancher <elvishjerricco@gmail.com>	2024-05-21 20:55:37 -0400
commit	072054ccb5d8c73ee0cc75d37b3e5d16c33d2de4 (patch)
tree	34be2e39d86baab47f406c1950ba66d20d42b608 /nixos/modules/system/boot/resolved.nix
parent	dd0ebdffcd90a9a1d33297f401a776c3b510509e (diff)