From 92d956267ae5babd8c446942316a099024d3c0fa Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Thu, 22 Aug 2019 14:02:02 +0200 Subject: [PATCH 1/3] nixos/pdns-recursor: implement a `settings` option --- .../services/networking/pdns-recursor.nix | 78 ++++++++++++++----- 1 file changed, 57 insertions(+), 21 deletions(-) diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix index d07deb9dcc67..ae22ea17f011 100644 --- a/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixos/modules/services/networking/pdns-recursor.nix @@ -6,25 +6,27 @@ let dataDir = "/var/lib/pdns-recursor"; username = "pdns-recursor"; - cfg = config.services.pdns-recursor; - zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones; + cfg = config.services.pdns-recursor; - configFile = pkgs.writeText "recursor.conf" '' - local-address=${cfg.dns.address} - local-port=${toString cfg.dns.port} - allow-from=${concatStringsSep "," cfg.dns.allowFrom} + oneOrMore = type: with types; either type (listOf type); + valueType = with types; oneOf [ int str bool path ]; + configType = with types; attrsOf (nullOr (oneOrMore valueType)); - webserver-address=${cfg.api.address} - webserver-port=${toString cfg.api.port} - webserver-allow-from=${concatStringsSep "," cfg.api.allowFrom} + toBool = val: if val then "yes" else "no"; + serialize = val: with types; + if str.check val then val + else if int.check val then toString val + else if path.check val then toString val + else if bool.check val then toBool val + else if builtins.isList val then (concatMapStringsSep "," serialize val) + else ""; - forward-zones=${concatStringsSep "," zones} - export-etc-hosts=${if cfg.exportHosts then "yes" else "no"} - dnssec=${cfg.dnssecValidation} - serve-rfc1918=${if cfg.serveRFC1918 then "yes" else "no"} + configFile = pkgs.writeText "recursor.conf" + (concatStringsSep "\n" + (flip mapAttrsToList cfg.settings + (name: val: "${name}=${serialize val}"))); - ${cfg.extraConfig} - ''; + mkDefaultAttrs = mapAttrs (n: v: mkDefault v); in { options.services.pdns-recursor = { @@ -117,17 +119,46 @@ in { ''; }; - extraConfig = mkOption { - type = types.lines; - default = ""; + settings = mkOption { + type = configType; + default = { }; + example = literalExample '' + { + loglevel = 8; + log-common-errors = true; + } + ''; description = '' - Extra options to be appended to the configuration file. + PowerDNS Recursor settings. Use this option to configure Recursor + settings not exposed in a NixOS option or to bypass one. + See the full documentation at + + for the available options. ''; }; + }; config = mkIf cfg.enable { + services.pdns-recursor.settings = mkDefaultAttrs { + local-address = cfg.dns.address; + local-port = cfg.dns.port; + allow-from = cfg.dns.allowFrom; + + webserver-address = cfg.api.address; + webserver-port = cfg.api.port; + webserver-allow-from = cfg.api.allowFrom; + + forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones; + export-etc-hosts = cfg.exportHosts; + dnssec = cfg.dnssecValidation; + serve-rfc1918 = cfg.serveRFC1918; + + log-timestamp = false; + disable-syslog = true; + }; + users.users."${username}" = { home = dataDir; createHome = true; @@ -150,8 +181,7 @@ in { AmbientCapabilities = "cap_net_bind_service"; ExecStart = ''${pkgs.pdns-recursor}/bin/pdns_recursor \ --config-dir=${dataDir} \ - --socket-dir=${dataDir} \ - --disable-syslog + --socket-dir=${dataDir} ''; }; @@ -165,4 +195,10 @@ in { ''; }; }; + + imports = [ + (mkRemovedOptionModule [ "services" "pdns-recursor" "extraConfig" ] + "To change extra Recursor settings use services.pdns-recursor.settings instead.") + ]; + } From 0e0a533d9a185727d088de793b52950263bdef85 Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Thu, 22 Aug 2019 15:03:14 +0200 Subject: [PATCH 2/3] nixos/pdns-recursor: add luaConfig option --- nixos/modules/services/networking/pdns-recursor.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/nixos/modules/services/networking/pdns-recursor.nix b/nixos/modules/services/networking/pdns-recursor.nix index ae22ea17f011..ec69cc838da9 100644 --- a/nixos/modules/services/networking/pdns-recursor.nix +++ b/nixos/modules/services/networking/pdns-recursor.nix @@ -137,6 +137,14 @@ in { ''; }; + luaConfig = mkOption { + type = types.lines; + default = ""; + description = '' + The content Lua configuration file for PowerDNS Recursor. See + . + ''; + }; }; config = mkIf cfg.enable { @@ -154,6 +162,7 @@ in { export-etc-hosts = cfg.exportHosts; dnssec = cfg.dnssecValidation; serve-rfc1918 = cfg.serveRFC1918; + lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig; log-timestamp = false; disable-syslog = true; From d5f098a96c29486e901e12de3c5f59cf1754c29a Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Mon, 26 Aug 2019 17:37:40 +0200 Subject: [PATCH 3/3] nixos/doc: mention extraConfig -> settings change in pdns-recursor --- nixos/doc/manual/release-notes/rl-1909.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index b02d99438de0..4d636fb2b584 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -284,6 +284,13 @@ Squid 3 has been removed and the derivation now refers to Squid 4. + + + The option has been replaced by + . The new option allows setting extra + configuration while being better type-checked and mergeable. + +