pyrox.dev / nixpkgs
lol
fork atom

nixos/nsd: Allow to configure root zone

When trying to run NSD to serve the root zone, one gets the following
error message:

error: illegal name: '.'

This is because the name of the zone is used as the derivation name for
building the zone file. However, Nix doesn't allow derivation names
starting with a period.

So whenever the zone is "." now, the file name generated is "root"
instead of ".".

I also added an assertion that makes sure the user sets
services.nsd.rootServer, otherwise NSD will fail at runtime because it
prevents serving the root zone without an explicit compile-time option.

Tested this by adding a root zone to the "nsd" NixOS VM test.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @hrdinka, @qknight

aszlig 1eeeceb9 2b499afa

options
unified split
Changed files
+20 -3
nixos
modules
services
networking
nsd.nix
tests
nsd.nix
+11 -3
nixos/modules/services/networking/nsd.nix 
···

       
20

       
 

       
    zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;


     

       
21

       
 

       
  };


     

       
22

       
 

       



     

       

       

       
     

       
23

       
 

       



     

       
24

       
 

       
  nsdEnv = pkgs.buildEnv {


     

       
25

       
 

       
    name = "nsd-env";


     
···

       
50

       
 

       
  };


     

       
51

       
 

       



     

       
52

       
 

       
  writeZoneData = name: text: pkgs.writeTextFile {


     

       
53

       
-

       
    inherit name text;


     

       
54

       
-

       
    destination = "/zones/${name}";


     

       

       

       
     

       
55

       
 

       
  };


     

       
56

       
 

       



     

       
57

       
 

       



     
···

       
146

       
 

       
  zoneConfigFile = name: zone: ''


     

       
147

       
 

       
    zone:


     

       
148

       
 

       
      name:         "${name}"


     

       
149

       
-

       
      zonefile:     "${stateDir}/zones/${name}"


     

       
150

       
 

       
      ${maybeString "outgoing-interface: " zone.outgoingInterface}


     

       
151

       
 

       
    ${forEach     "  rrl-whitelist: "      zone.rrlWhitelist}


     

       
152

       
 

       
      ${maybeString "zonestats: "          zone.zoneStats}


     
···

       
886

       
 

       
  };


     

       
887

       
 

       



     

       
888

       
 

       
  config = mkIf cfg.enable {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
889

       
 

       



     

       
890

       
 

       
    environment.systemPackages = [ nsdPkg ];


     

       
891

       
 

       



     
···

       
20

       
 

       
    zoneStats = length (collect (x: (x.zoneStats or null) != null) cfg.zones) > 0;


     

       
21

       
 

       
  };


     

       
22

       
 

       



     

       
23

       
+

       
  mkZoneFileName = name: if name == "." then "root" else name;


     

       
24

       
 

       



     

       
25

       
 

       
  nsdEnv = pkgs.buildEnv {


     

       
26

       
 

       
    name = "nsd-env";


     
···

       
51

       
 

       
  };


     

       
52

       
 

       



     

       
53

       
 

       
  writeZoneData = name: text: pkgs.writeTextFile {


     

       
54

       
+

       
    name = "nsd-zone-${mkZoneFileName name}";


     

       
55

       
+

       
    inherit text;


     

       
56

       
+

       
    destination = "/zones/${mkZoneFileName name}";


     

       
57

       
 

       
  };


     

       
58

       
 

       



     

       
59

       
 

       



     
···

       
148

       
 

       
  zoneConfigFile = name: zone: ''


     

       
149

       
 

       
    zone:


     

       
150

       
 

       
      name:         "${name}"


     

       
151

       
+

       
      zonefile:     "${stateDir}/zones/${mkZoneFileName name}"


     

       
152

       
 

       
      ${maybeString "outgoing-interface: " zone.outgoingInterface}


     

       
153

       
 

       
    ${forEach     "  rrl-whitelist: "      zone.rrlWhitelist}


     

       
154

       
 

       
      ${maybeString "zonestats: "          zone.zoneStats}


     
···

       
888

       
 

       
  };


     

       
889

       
 

       



     

       
890

       
 

       
  config = mkIf cfg.enable {


     

       
891

       
+

       



     

       
892

       
+

       
    assertions = singleton {


     

       
893

       
+

       
      assertion = zoneConfigs ? "." -> cfg.rootServer;


     

       
894

       
+

       
      message = "You have a root zone configured. If this is really what you "


     

       
895

       
+

       
              + "want, please enable 'services.nsd.rootServer'.";


     

       
896

       
+

       
    };


     

       
897

       
 

       



     

       
898

       
 

       
    environment.systemPackages = [ nsdPkg ];


     

       
899
+9
nixos/tests/nsd.nix 
···

       
41

       
 

       
        { address = "dead:beef::1"; prefixLength = 64; }


     

       
42

       
 

       
      ];


     

       
43

       
 

       
      services.nsd.enable = true;


     

       

       

       
     

       
44

       
 

       
      services.nsd.interfaces = lib.mkForce [];


     

       
45

       
 

       
      services.nsd.zones."example.com.".data = ''


     

       
46

       
 

       
        @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600


     
···

       
54

       
 

       
        @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600


     

       
55

       
 

       
        @ A 9.8.7.6


     

       
56

       
 

       
        @ AAAA fedc::bbaa


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
57

       
 

       
      '';


     

       
58

       
 

       
    };


     

       
59

       
 

       
  };


     
···

       
86

       
 

       



     

       
87

       
 

       
        assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);


     

       
88

       
 

       
        assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);


     

       

       

       
     

       

       

       
     

       

       

       
     

       
89

       
 

       
      };


     

       
90

       
 

       
    }


     

       
91

       
 

       
  '';


     
···

       
41

       
 

       
        { address = "dead:beef::1"; prefixLength = 64; }


     

       
42

       
 

       
      ];


     

       
43

       
 

       
      services.nsd.enable = true;


     

       
44

       
+

       
      services.nsd.rootServer = true;


     

       
45

       
 

       
      services.nsd.interfaces = lib.mkForce [];


     

       
46

       
 

       
      services.nsd.zones."example.com.".data = ''


     

       
47

       
 

       
        @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600


     
···

       
55

       
 

       
        @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600


     

       
56

       
 

       
        @ A 9.8.7.6


     

       
57

       
 

       
        @ AAAA fedc::bbaa


     

       
58

       
+

       
      '';


     

       
59

       
+

       
      services.nsd.zones.".".data = ''


     

       
60

       
+

       
        @ SOA ns.example.com noc.example.com 666 7200 3600 1209600 3600


     

       
61

       
+

       
        root A 1.8.7.4


     

       
62

       
+

       
        root AAAA acbd::4


     

       
63

       
 

       
      '';


     

       
64

       
 

       
    };


     

       
65

       
 

       
  };


     
···

       
92

       
 

       



     

       
93

       
 

       
        assertHost($_, "a", "deleg.example.com", qr/address 9.8.7.6$/);


     

       
94

       
 

       
        assertHost($_, "aaaa", "deleg.example.com", qr/address fedc::bbaa$/);


     

       
95

       
+

       



     

       
96

       
+

       
        assertHost($_, "a", "root", qr/address 1.8.7.4$/);


     

       
97

       
+

       
        assertHost($_, "aaaa", "root", qr/address acbd::4$/);


     

       
98

       
 

       
      };


     

       
99

       
 

       
    }


     

       
100

       
 

       
  '';