diff options
Diffstat (limited to 'nixos/tests/knot.nix')
-rw-r--r-- | nixos/tests/knot.nix | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/nixos/tests/knot.nix b/nixos/tests/knot.nix index 0588cf86ac0..8bab917a351 100644 --- a/nixos/tests/knot.nix +++ b/nixos/tests/knot.nix @@ -28,6 +28,13 @@ let name = "knot-zones"; paths = [ exampleZone delegatedZone ]; }; + # DO NOT USE pkgs.writeText IN PRODUCTION. This put secrets in the nix store! + tsigFile = pkgs.writeText "tsig.conf" '' + key: + - id: slave_key + algorithm: hmac-sha256 + secret: zOYgOgnzx3TGe5J5I/0kxd7gTcxXhLYMEq3Ek3fY37s= + ''; in { name = "knot"; meta = with pkgs.stdenv.lib.maintainers; { @@ -48,6 +55,7 @@ in { }; services.knot.enable = true; services.knot.extraArgs = [ "-v" ]; + services.knot.keyFiles = [ tsigFile ]; services.knot.extraConfig = '' server: listen: 0.0.0.0@53 @@ -56,6 +64,7 @@ in { acl: - id: slave_acl address: 192.168.0.2 + key: slave_key action: transfer remote: @@ -103,6 +112,7 @@ in { ]; }; services.knot.enable = true; + services.knot.keyFiles = [ tsigFile ]; services.knot.extraArgs = [ "-v" ]; services.knot.extraConfig = '' server: @@ -117,6 +127,7 @@ in { remote: - id: master address: 192.168.0.1@53 + key: slave_key template: - id: default @@ -155,10 +166,10 @@ in { ]; }; environment.systemPackages = [ pkgs.knot-dns ]; - }; + }; }; - testScript = { nodes, ... }: let + testScript = { nodes, ... }: let master4 = (lib.head nodes.master.config.networking.interfaces.eth1.ipv4.addresses).address; master6 = (lib.head nodes.master.config.networking.interfaces.eth1.ipv6.addresses).address; |