nixos/nsd: Allow to configure root zone

When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight
This commit is contained in:
aszlig 2018-05-07 03:59:38 +02:00
parent 2b499afa63
commit 1eeeceb9c7
No known key found for this signature in database
GPG Key ID: 684089CE67EBB691
2 changed files with 20 additions and 3 deletions

View File

@ -20,6 +20,7 @@ let
zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;
};
mkZoneFileName = name: if name == "." then "root" else name;
nsdEnv = pkgs.buildEnv {
name = "nsd-env";
@ -50,8 +51,9 @@ let
};
writeZoneData = name: text: pkgs.writeTextFile {
inherit name text;
destination = "/zones/${name}";
name = "nsd-zone-${mkZoneFileName name}";
inherit text;
destination = "/zones/${mkZoneFileName name}";
};
@ -146,7 +148,7 @@ let
zoneConfigFile = name: zone: ''
zone:
name: "${name}"
zonefile: "${stateDir}/zones/${name}"
zonefile: "${stateDir}/zones/${mkZoneFileName name}"
${maybeString "outgoing-interface: " zone.outgoingInterface}
${forEach " rrl-whitelist: " zone.rrlWhitelist}
${maybeString "zonestats: " zone.zoneStats}
@ -887,6 +889,12 @@ in
config = mkIf cfg.enable {
assertions = singleton {
assertion = zoneConfigs ? "." -> cfg.rootServer;
message = "You have a root zone configured. If this is really what you "
+ "want, please enable 'services.nsd.rootServer'.";
};
environment.systemPackages = [ nsdPkg ];
users.extraGroups = singleton {

View File

@ -41,6 +41,7 @@ in import ./make-test.nix ({ pkgs, ...} : {
{ address = "dead:beef::1"; prefixLength = 64; }
];
services.nsd.enable = true;
services.nsd.rootServer = true;
services.nsd.interfaces = lib.mkForce [];
services.nsd.zones."example.com.".data = ''
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
@ -55,6 +56,11 @@ in import ./make-test.nix ({ pkgs, ...} : {
@ A 9.8.7.6
@ AAAA fedc::bbaa
'';
services.nsd.zones.".".data = ''
@ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600
root A 1.8.7.4
root AAAA acbd::4
'';
};
};
@ -86,6 +92,9 @@ in import ./make-test.nix ({ pkgs, ...} : {
assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);
assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);
assertHost($_, "a", "root", qr/address 1.8.7.4$/);
assertHost($_, "aaaa", "root", qr/address acbd::4$/);
};
}
'';