Let's roll our own coredns package

With blackjack and hoo...

Uhm, working plugins. Yes, working plugins. Definitely.

flake.nix

@@ -270,6 +270,7 @@
           };
 
           packages = {
+            coredns = pkgs.callPackage ./pkgs/coredns { };
             git-repo-go = pkgs.callPackage ./pkgs/git-repo-go { };
             gitu = pkgs.callPackage ./pkgs/gitu { };
             headscale-ui = pkgs.callPackage ./pkgs/headscale-ui { };

machines/valkyrie/coredns/default.nix

@@ -1,24 +1,16 @@
-{ pkgs, config, ... }:
+{ config, ... }:
 {
   services.coredns = {
     enable = true;
-    package = pkgs.coredns.override {
-      externalPlugins = [
-        {
-          name = "tailscale";
-          repo = "github.com/damomurf/coredns-tailscale";
-          version = "750df081a3cc63f325ecfde6c30a974dc0e4bf56";
-        }
-      ];
-      vendorHash = "sha256-tuHr5oYmx3HNmsO6ZOO14vORArk8YHZBsodCiydf6k8=";
-    };
 
     config = ''
       datarift.nl:5454 {
         bind 127.0.0.1 ::1
         tailscale datarift.nl {
           authkey {$TS_AUTHKEY}
+          fallthrough
         }
+        forward . 127.0.0.1:5335
         log
         errors
       }

overlays/default.nix

@@ -47,4 +47,5 @@ _final: prev: {
   gitu = prev.pkgs.callPackage ../pkgs/gitu { };
   zed = prev.pkgs.callPackage ../pkgs/zed { };
   git-repo-go = prev.pkgs.callPackage ../pkgs/git-repo-go { };
+  coredns = prev.pkgs.callPackage ../pkgs/coredns { };
 }

pkgs/coredns/default.nix

@@ -0,0 +1,95 @@
+{
+  lib,
+  gnused,
+  stdenv,
+  buildGoModule,
+  fetchFromGitHub,
+  installShellFiles,
+}:
+let
+  version = "1.11.1";
+
+  externalPlugins = [
+    {
+      name = "tailscale";
+      repo = "github.com/damomurf/coredns-tailscale";
+      version = "750df081a3cc63f325ecfde6c30a974dc0e4bf56";
+    }
+  ];
+
+  attrsToPlugins = attrs: builtins.map ({ name, repo, ... }: "${name}:${repo}") attrs;
+  attrsToSources = attrs: builtins.map ({ repo, version, ... }: "${repo}@${version}") attrs;
+in
+buildGoModule {
+  pname = "coredns";
+  inherit version;
+
+  src = fetchFromGitHub {
+    owner = "coredns";
+    repo = "coredns";
+    rev = "v${version}";
+    sha256 = "sha256-Mn8hOsODTlnl6PJaevMcyIKkIx/1Lk2HGA7fSSizR20=";
+  };
+
+  # vendorHash = lib.fakeHash;
+  vendorHash = "sha256-ba8Krc8FVrylsV0n/3JNRTrL3bP8UJRdKF2fy8SYU3o=";
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  outputs = [
+    "out"
+    "man"
+  ];
+
+  # Override the go-modules fetcher derivation to fetch plugins
+  modBuildPhase = ''
+    for plugin in ${builtins.toString (attrsToPlugins externalPlugins)}; do
+      echo "Adding plugin $plugin"
+      ${gnused}/bin/sed -i "/forward:forward/i$plugin" plugin.cfg
+    done
+
+    for src in ${builtins.toString (attrsToSources externalPlugins)}; do
+      echo "Retrieving $src"
+      go get $src
+    done
+
+    go generate
+    go mod tidy
+    go mod vendor
+  '';
+
+  modInstallPhase = ''
+    mv -t vendor go.mod go.sum plugin.cfg
+    cp -r --reflink=auto vendor "$out"
+  '';
+
+  preBuild = ''
+    chmod -R u+w vendor
+    mv -t . vendor/go.{mod,sum} vendor/plugin.cfg
+
+    go generate
+  '';
+
+  postPatch =
+    ''
+      substituteInPlace test/file_cname_proxy_test.go \
+        --replace "TestZoneExternalCNAMELookupWithProxy" \
+                  "SkipZoneExternalCNAMELookupWithProxy"
+
+      substituteInPlace test/readme_test.go \
+        --replace "TestReadme" "SkipReadme"
+
+      # this test fails if any external plugins were imported.
+      # it's a lint rather than a test of functionality, so it's safe to disable.
+      substituteInPlace test/presubmit_test.go \
+        --replace "TestImportOrdering" "SkipImportOrdering"
+    ''
+    + lib.optionalString stdenv.isDarwin ''
+      # loopback interface is lo0 on macos
+      sed -E -i 's/\blo\b/lo0/' plugin/bind/setup_test.go
+    '';
+
+  postInstall = ''
+    installManPage man/*
+  '';
+}