forked from mirrors/nixpkgs
nixos/nsd: Allow to configure root zone
When trying to run NSD to serve the root zone, one gets the following error message: error: illegal name: '.' This is because the name of the zone is used as the derivation name for building the zone file. However, Nix doesn't allow derivation names starting with a period. So whenever the zone is "." now, the file name generated is "root" instead of ".". I also added an assertion that makes sure the user sets services.nsd.rootServer, otherwise NSD will fail at runtime because it prevents serving the root zone without an explicit compile-time option. Tested this by adding a root zone to the "nsd" NixOS VM test. Signed-off-by: aszlig <aszlig@nix.build> Cc: @hrdinka, @qknight
This commit is contained in:
aszlig
parent
2b499afa63
commit
1eeeceb9c7
|
|
@ -20,6 +20,7 @@ let
|
|||
zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;
|
||||
};
|
||||
|
||||
mkZoneFileName = name: if name == "." then "root" else name;
|
||||
|
||||
nsdEnv = pkgs.buildEnv {
|
||||
name = "nsd-env";
|
||||
|
|
@ -50,8 +51,9 @@ let
|
|||
};
|
||||
|
||||
writeZoneData = name: text: pkgs.writeTextFile {
|
||||
inherit name text;
|
||||
destination = "/zones/${name}";
|
||||
name = "nsd-zone-${mkZoneFileName name}";
|
||||
inherit text;
|
||||
destination = "/zones/${mkZoneFileName name}";
|
||||
};
|
||||
|
||||
|
||||
|
|
@ -146,7 +148,7 @@ let
|
|||
zoneConfigFile = name: zone: ''
|
||||
zone:
|
||||
name: "${name}"
|
||||
zonefile: "${stateDir}/zones/${name}"
|
||||
zonefile: "${stateDir}/zones/${mkZoneFileName name}"
|
||||
${maybeString "outgoing-interface: " zone.outgoingInterface}
|
||||
${forEach " rrl-whitelist: " zone.rrlWhitelist}
|
||||
${maybeString "zonestats: " zone.zoneStats}
|
||||
|
|
@ -887,6 +889,12 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = singleton {
|
||||
assertion = zoneConfigs ? "." -> cfg.rootServer;
|
||||
message = "You have a root zone configured. If this is really what you "
|
||||
+ "want, please enable 'services.nsd.rootServer'.";
|
||||
};
|
||||
|
||||
environment.systemPackages = [ nsdPkg ];
|
||||
|
||||
users.extraGroups = singleton {
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
{ address = "dead:beef::1"; prefixLength = 64; }
|
||||
];
|
||||
services.nsd.enable = true;
|
||||
services.nsd.rootServer = true;
|
||||
services.nsd.interfaces = lib.mkForce [];
|
||||
services.nsd.zones."example.com.".data = ''
|
||||
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
|
||||
|
|
@ -55,6 +56,11 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
@ A 9.8.7.6
|
||||
@ AAAA fedc::bbaa
|
||||
'';
|
||||
services.nsd.zones.".".data = ''
|
||||
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
|
||||
root A 1.8.7.4
|
||||
root AAAA acbd::4
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -86,6 +92,9 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
|
||||
assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);
|
||||
assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);
|
||||
|
||||
assertHost($_, "a", "root", qr/address 1.8.7.4$/);
|
||||
assertHost($_, "aaaa", "root", qr/address acbd::4$/);
|
||||
};
|
||||
}
|
||||
'';
|
||||
|
|
|
|||
Loading…
Reference in a new issue