integrated meshnamed with systemd-resolved

2023-11-15 06:33:31 +01:00 · 2023-11-15 06:33:31 +01:00 · 8cda86d34c
commit 8cda86d34c
parent 75f1815f98
2 changed files with 26 additions and 2 deletions
--- a/checks/meshnamed/default.nix
+++ b/checks/meshnamed/default.nix
@ -14,7 +14,7 @@
  testScript = ''
    start_all()
    machine.wait_for_unit("meshnamed")
-    out = machine.succeed("${pkgs.dnsutils}/bin/dig -p 53535 AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @localhost +short")
+    out = machine.succeed("${pkgs.dnsutils}/bin/dig AAAA foo.7vbx332lkaunatuzsndtanix54.vpn @meshnamed +short")
    print(out)
    assert out.strip() == "fd43:7def:4b50:28d0:4e99:9347:3035:17ef"
  '';
--- a/nixosModules/clanCore/meshnamed/default.nix
+++ b/nixosModules/clanCore/meshnamed/default.nix
@ -1,4 +1,7 @@
 { config, lib, pkgs, ... }:
+let
+  localAddress = "fd66:29e9:f422:8dfe:beba:68ec:bd09:7876";
+in
 {
  options.clan.networking.meshnamed = {
    enable = (lib.mkEnableOption "meshnamed") // {
@ -28,6 +31,24 @@
    };
  };
  config = lib.mkIf config.clan.networking.meshnamed.enable {
+    # we assign this random source address to bind meshnamed to.
+    systemd.network.networks.loopback-addresses = {
+      matchConfig.Name = "lo";
+      networkConfig.Address = [ localAddress ];
+    };
+
+
+    services.resolved.extraConfig = ''
+      [Resolve]
+      DNS=${localAddress}
+      Domains=~${lib.concatMapStringsSep " " (network: network.name) (builtins.attrValues config.clan.networking.meshnamed.networks)}
+    '';
+
+    # for convience, so we can debug with dig
+    networking.extraHosts = ''
+      ${localAddress} meshnamed
+    '';
+
    systemd.services.meshnamed =
      let
        networks = lib.concatMapStringsSep "," (network: "${network.name}=${network.subnet}")
@ -38,7 +59,10 @@
        after = [ "network.target" ];
        serviceConfig = {
          Type = "simple";
-          ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks}";
+          ExecStart = "${pkgs.callPackage ../../../pkgs/meshname/default.nix { }}/bin/meshnamed -networks ${networks} -listenaddr [${localAddress}]:53";
+
+          # to bind port 53
+          AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
          DynamicUser = true;
        };
      };