alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

nixosTests.knot: use settings format

Browse source
This commit is contained in:
Martin Weinelt 2023-07-09 23:32:07 +02:00 committed by Vladimír Čunát
parent ce85980e77
commit 8e93f353cc
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
1 changed files with 58 additions and 64 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

122
nixos/tests/knot.nix
View file

@ -60,44 +60,43 @@ in {
services.knot.enable = true; services.knot.enable = true;
services.knot.extraArgs = [ "-v" ]; services.knot.extraArgs = [ "-v" ];
services.knot.keyFiles = [ tsigFile ]; services.knot.keyFiles = [ tsigFile ];
services.knot.extraConfig = '' services.knot.settings = {
server: server = {
listen: 0.0.0.0@53 listen = [
listen: ::@53 "0.0.0.0@53"
automatic-acl: true "::@53"
];
automatic-acl = true;
};
remote: acl.secondary_acl = {
- id: secondary address = "192.168.0.2";
address: 192.168.0.2@53 key = "xfr_key";
key: xfr_key action = "transfer";
};
template: remote.secondary.address = "192.168.0.2@53";
- id: default
storage: ${knotZonesEnv}
notify: [secondary]
dnssec-signing: on
# Input-only zone files
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3
# prevents modification of the zonefiles, since the zonefiles are immutable
zonefile-sync: -1
zonefile-load: difference
journal-content: changes
# move databases below the state directory, because they need to be writable
journal-db: /var/lib/knot/journal
kasp-db: /var/lib/knot/kasp
timer-db: /var/lib/knot/timer
zone: template.default = {
- domain: example.com storage = knotZonesEnv;
file: example.com.zone notify = [ "secondary" ];
acl = [ "secondary_acl" ];
dnssec-signing = true;
# Input-only zone files
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3
# prevents modification of the zonefiles, since the zonefiles are immutable
zonefile-sync = -1;
zonefile-load = "difference";
journal-content = "changes";
};
- domain: sub.example.com zone = {
file: sub.example.com.zone "example.com".file = "example.com.zone";
"sub.example.com".file = "sub.example.com.zone";
};
log: log.syslog.any = "info";
- target: syslog };
any: info
'';
}; };
secondary = { lib, ... }: { secondary = { lib, ... }: {
@ -113,41 +112,36 @@ in {
services.knot.enable = true; services.knot.enable = true;
services.knot.keyFiles = [ tsigFile ]; services.knot.keyFiles = [ tsigFile ];
services.knot.extraArgs = [ "-v" ]; services.knot.extraArgs = [ "-v" ];
services.knot.extraConfig = '' services.knot.settings = {
server: server = {
listen: 0.0.0.0@53 listen = [
listen: ::@53 "0.0.0.0@53"
automatic-acl: true "::@53"
];
automatic-acl = true;
};
remote: remote.primary = {
- id: primary address = "192.168.0.1@53";
address: 192.168.0.1@53 key = "xfr_key";
key: xfr_key };
template: template.default = {
- id: default master = "primary";
master: primary # zonefileless setup
# zonefileless setup # https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2 zonefile-sync = "-1";
zonefile-sync: -1 zonefile-load = "none";
zonefile-load: none journal-content = "all";
journal-content: all };
# move databases below the state directory, because they need to be writable
journal-db: /var/lib/knot/journal
kasp-db: /var/lib/knot/kasp
timer-db: /var/lib/knot/timer
zone: zone = {
- domain: example.com "example.com".file = "example.com.zone";
file: example.com.zone "sub.example.com".file = "sub.example.com.zone";
};
- domain: sub.example.com log.syslog.any = "info";
file: sub.example.com.zone };
log:
- target: syslog
any: info
'';
}; };
client = { lib, nodes, ... }: { client = { lib, nodes, ... }: {
imports = [ common ]; imports = [ common ];