Merge pull request #40054 from aszlig/nsd-root-server
nixos/nsd: Allow to configure root zone
This commit is contained in:
commit
7e542f7f33
2 changed files with 20 additions and 3 deletions
|
@ -20,6 +20,7 @@ let
|
|||
zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;
|
||||
};
|
||||
|
||||
mkZoneFileName = name: if name == "." then "root" else name;
|
||||
|
||||
nsdEnv = pkgs.buildEnv {
|
||||
name = "nsd-env";
|
||||
|
@ -50,8 +51,9 @@ let
|
|||
};
|
||||
|
||||
writeZoneData = name: text: pkgs.writeTextFile {
|
||||
inherit name text;
|
||||
destination = "/zones/${name}";
|
||||
name = "nsd-zone-${mkZoneFileName name}";
|
||||
inherit text;
|
||||
destination = "/zones/${mkZoneFileName name}";
|
||||
};
|
||||
|
||||
|
||||
|
@ -146,7 +148,7 @@ let
|
|||
zoneConfigFile = name: zone: ''
|
||||
zone:
|
||||
name: "${name}"
|
||||
zonefile: "${stateDir}/zones/${name}"
|
||||
zonefile: "${stateDir}/zones/${mkZoneFileName name}"
|
||||
${maybeString "outgoing-interface: " zone.outgoingInterface}
|
||||
${forEach " rrl-whitelist: " zone.rrlWhitelist}
|
||||
${maybeString "zonestats: " zone.zoneStats}
|
||||
|
@ -887,6 +889,12 @@ in
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = singleton {
|
||||
assertion = zoneConfigs ? "." -> cfg.rootServer;
|
||||
message = "You have a root zone configured. If this is really what you "
|
||||
+ "want, please enable 'services.nsd.rootServer'.";
|
||||
};
|
||||
|
||||
environment.systemPackages = [ nsdPkg ];
|
||||
|
||||
users.extraGroups = singleton {
|
||||
|
|
|
@ -41,6 +41,7 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
{ address = "dead:beef::1"; prefixLength = 64; }
|
||||
];
|
||||
services.nsd.enable = true;
|
||||
services.nsd.rootServer = true;
|
||||
services.nsd.interfaces = lib.mkForce [];
|
||||
services.nsd.zones."example.com.".data = ''
|
||||
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
|
||||
|
@ -55,6 +56,11 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
@ A 9.8.7.6
|
||||
@ AAAA fedc::bbaa
|
||||
'';
|
||||
services.nsd.zones.".".data = ''
|
||||
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
|
||||
root A 1.8.7.4
|
||||
root AAAA acbd::4
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -86,6 +92,9 @@ in import ./make-test.nix ({ pkgs, ...} : {
|
|||
|
||||
assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);
|
||||
assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);
|
||||
|
||||
assertHost($_, "a", "root", qr/address 1.8.7.4$/);
|
||||
assertHost($_, "aaaa", "root", qr/address acbd::4$/);
|
||||
};
|
||||
}
|
||||
'';
|
||||
|
|
Loading…
Reference in a new issue