···

       
24
       
24
       
 
       
  confNoServer = concatStringsSep "\n" ((mapAttrsToList (toConf "") (builtins.removeAttrs cfg.settings [ "server" ])) ++ [""]);

     

       
25
       
25
       
 
       
  confServer = concatStringsSep "\n" (mapAttrsToList (toConf "  ") (builtins.removeAttrs cfg.settings.server [ "define-tag" ]));

     

       
26
       
26
       
 
       


     

       
27
       
27
       
-
       
  confFile = pkgs.writeText "unbound.conf" ''

     

       
27
       
27
       
+
       
  confFileUnchecked = pkgs.writeText "unbound.conf" ''

     

       
28
       
28
       
 
       
    server:

     

       
29
       
29
       
 
       
    ${optionalString (cfg.settings.server.define-tag != "") (toOption "  " "define-tag" cfg.settings.server.define-tag)}

     

       
30
       
30
       
 
       
    ${confServer}

     

       
31
       
31
       
 
       
    ${confNoServer}

     

       
32
       
32
       
 
       
  '';

     

       
33
       
33
       
+
       
  confFile = if cfg.checkconf then pkgs.runCommandLocal "unbound-checkconf" { } ''

     

       
34
       
34
       
+
       
    cp ${confFileUnchecked} unbound.conf

     

       
35
       
35
       
+
       


     

       
36
       
36
       
+
       
    # fake stateDir which is not accesible in the sandbox

     

       
37
       
37
       
+
       
    mkdir -p $PWD/state

     

       
38
       
38
       
+
       
    sed -i unbound.conf \

     

       
39
       
39
       
+
       
      -e '/auto-trust-anchor-file/d' \

     

       
40
       
40
       
+
       
      -e "s|${cfg.stateDir}|$PWD/state|"

     

       
41
       
41
       
+
       
    ${cfg.package}/bin/unbound-checkconf unbound.conf

     

       
42
       
42
       
+
       


     

       
43
       
43
       
+
       
    cp ${confFileUnchecked} $out

     

       
44
       
44
       
+
       
  '' else confFileUnchecked;

     

       
33
       
45
       
 
       


     

       
34
       
46
       
 
       
  rootTrustAnchorFile = "${cfg.stateDir}/root.key";

     

       
35
       
47
       
 
       


     
···

       
60
       
72
       
 
       
        type = types.path;

     

       
61
       
73
       
 
       
        default = "/var/lib/unbound";

     

       
62
       
74
       
 
       
        description = lib.mdDoc "Directory holding all state for unbound to run.";

     

       
75
       
75
       
+
       
      };

     

       
76
       
76
       
+
       


     

       
77
       
77
       
+
       
      checkconf = mkOption {

     

       
78
       
78
       
+
       
        type = types.bool;

     

       
79
       
79
       
+
       
        default = !cfg.settings ? include;

     

       
80
       
80
       
+
       
        defaultText = "!config.services.unbound.settings ? include";

     

       
81
       
81
       
+
       
        description = lib.mdDoc ''

     

       
82
       
82
       
+
       
          Wether to check the resulting config file with unbound checkconf for syntax errors.

     

       
83
       
83
       
+
       


     

       
84
       
84
       
+
       
          If settings.include is used, then this options is disabled, as the import can likely not be resolved at build time.

     

       
85
       
85
       
+
       
        '';

     

       
63
       
86
       
 
       
      };

     

       
64
       
87
       
 
       


     

       
65
       
88
       
 
       
      resolveLocalQueries = mkOption {