commit 1eeeceb9c7e52734536a4e10323634d4ada2f27e

pyrox.dev / nixpkgs

lol

nixos/nsd: Allow to configure root zone

When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight

aszlig 7 years ago 1eeeceb9 2b499afa

+20 -3

2 changed files

expand all

unified split

nixos

modules

services

networking

nsd.nix

tests

nsd.nix

+11 -3

nixos/modules/services/networking/nsd.nix

··· 20 20 zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0; 21 21 }; 22 22 23 + mkZoneFileName = name: if name == "." then "root" else name; 23 24 24 25 nsdEnv = pkgs.buildEnv { 25 26 name = "nsd-env"; ··· 50 51 }; 51 52 52 53 writeZoneData = name: text: pkgs.writeTextFile { 53 - inherit name text; 54 - destination = "/zones/${name}"; 54 + name = "nsd-zone-${mkZoneFileName name}"; 55 + inherit text; 56 + destination = "/zones/${mkZoneFileName name}"; 55 57 }; 56 58 57 59 ··· 146 148 zoneConfigFile = name: zone: '' 147 149 zone: 148 150 name: "${name}" 149 - zonefile: "${stateDir}/zones/${name}" 151 + zonefile: "${stateDir}/zones/${mkZoneFileName name}" 150 152 ${maybeString "outgoing-interface: " zone.outgoingInterface} 151 153 ${forEach " rrl-whitelist: " zone.rrlWhitelist} 152 154 ${maybeString "zonestats: " zone.zoneStats} ··· 886 888 }; 887 889 888 890 config = mkIf cfg.enable { 891 + 892 + assertions = singleton { 893 + assertion = zoneConfigs ? "." -> cfg.rootServer; 894 + message = "You have a root zone configured. If this is really what you " 895 + + "want, please enable 'services.nsd.rootServer'."; 896 + }; 889 897 890 898 environment.systemPackages = [ nsdPkg ]; 891 899

nixos/tests/nsd.nix

··· 41 41 { address = "dead:beef::1"; prefixLength = 64; } 42 42 ]; 43 43 services.nsd.enable = true; 44 + services.nsd.rootServer = true; 44 45 services.nsd.interfaces = lib.mkForce []; 45 46 services.nsd.zones."example.com.".data = '' 46 47 @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600 ··· 54 55 @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600 55 56 @ A 9.8.7.6 56 57 @ AAAA fedc::bbaa 58 + ''; 59 + services.nsd.zones.".".data = '' 60 + @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600 61 + root A 1.8.7.4 62 + root AAAA acbd::4 57 63 ''; 58 64 }; 59 65 }; ··· 86 92 87 93 assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/); 88 94 assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/); 95 + 96 + assertHost($_, "a", "root", qr/address 1.8.7.4$/); 97 + assertHost($_, "aaaa", "root", qr/address acbd::4$/); 89 98 }; 90 99 } 91 100 '';