diff options
author | aszlig <aszlig@nix.build> | 2018-05-07 03:05:30 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-05-30 05:07:39 +0200 |
commit | 94bc38e6c1f1422bcd5362af043dff2cb48961fa (patch) | |
tree | 2e6bef96108b64a5a90b0974321929c05eb9125e | |
parent | a7e93690afa02053373a59061f310f6f3953f254 (diff) | |
download | nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar.gz nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar.bz2 nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar.lz nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar.xz nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.tar.zst nixpkgs-94bc38e6c1f1422bcd5362af043dff2cb48961fa.zip |
nixos/bind: Allow to set extra options
BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this: services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ]; This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vain to how SQL injection works. Another option would be to just set configFile to a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system. To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format. This change has been reviewed in #40053 and after not getting any opposition, I'm hereby adding this to master. Signed-off-by: aszlig <aszlig@nix.build> Cc: @peti, @edolstra Closes: #40053
-rw-r--r-- | nixos/modules/services/networking/bind.nix | 10 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/bind.nix | 27 |
3 files changed, 38 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix index 763283dfe7a..7775a4bd87f 100644 --- a/nixos/modules/services/networking/bind.nix +++ b/nixos/modules/services/networking/bind.nix @@ -27,6 +27,7 @@ let forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} }; directory "/var/run/named"; pid-file "/var/run/named/named.pid"; + ${cfg.extraOptions} }; ${cfg.extraConfig} @@ -141,6 +142,15 @@ in "; }; + extraOptions = mkOption { + type = types.lines; + default = ""; + description = '' + Extra lines to be added verbatim to the options section of the + generated named configuration file. + ''; + }; + configFile = mkOption { type = types.path; default = confFile; diff --git a/nixos/release.nix b/nixos/release.nix index 78448b5c970..1e52c0f86a7 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -248,6 +248,7 @@ in rec { tests.avahi = callTest tests/avahi.nix {}; tests.beegfs = callTest tests/beegfs.nix {}; tests.bittorrent = callTest tests/bittorrent.nix {}; + tests.bind = callTest tests/bind.nix {}; tests.blivet = callTest tests/blivet.nix {}; tests.boot = callSubTests tests/boot.nix {}; tests.boot-stage1 = callTest tests/boot-stage1.nix {}; diff --git a/nixos/tests/bind.nix b/nixos/tests/bind.nix new file mode 100644 index 00000000000..1f8c1dc7be4 --- /dev/null +++ b/nixos/tests/bind.nix @@ -0,0 +1,27 @@ +import ./make-test.nix { + name = "bind"; + + machine = { pkgs, lib, ... }: { + services.bind.enable = true; + services.bind.extraOptions = "empty-zones-enable no;"; + services.bind.zones = lib.singleton { + name = "."; + file = pkgs.writeText "root.zone" '' + $TTL 3600 + . IN SOA ns.example.org. admin.example.org. ( 1 3h 1h 1w 1d ) + . IN NS ns.example.org. + + ns.example.org. IN A 192.168.0.1 + ns.example.org. IN AAAA abcd::1 + + 1.0.168.192.in-addr.arpa IN PTR ns.example.org. + ''; + }; + }; + + testScript = '' + $machine->waitForUnit('bind.service'); + $machine->waitForOpenPort(53); + $machine->succeed('host 192.168.0.1 127.0.0.1 | grep -qF ns.example.org'); + ''; +} |