nixos/bind: allow zone declaration in nix expression #87973
Conversation
| '' | ||
| zone "${name}" { | ||
| type ${if master then "master" else "slave"}; | ||
| file "${if (builtins.isAttrs file) && !(isDerivation file) then zoneFile { inherit name; opts = file; } else file}"; |
There was a problem hiding this comment.
Is there a better way to solve this?
file was previously untyped, thus str, path, or derivation (which result in a path) was accepted (maybe even more types?)
Now file should allow the previous types OR the new submodule, what's the best way to check which one it is?
paumr
changed the title
|
No hard opinion, but I'd probably put tools for zone-file generation separately, as they could be used more universally (typically in other DNS servers). 🤔 though perhaps I'm personally still unclear why { name = "ns"; value = "192.168.1.1"; }seems easier than "ns A 192.168.1.1"(using interpolations if need be) |
Where would you put it?
The idea was to abstract away the implementation details (aka. zone file).
Reasoning on why not
Also: This format works quite nicely with more complex setups, e.g.: records = map # add default type (not required since it's already A)
(x: x // { type = "A"; }) [
{ name = "toaster"; value = "10.0.3.1"; }
{ name = "localnews"; value = ip; }
{ name = "router"; value = ip; }
{ name = "ns"; value = ip; }
] ++ # reserved devices (aka poor man's zeroconf)
map (x: { name = x.hostName; value = x.ipAddress; }) machines; |
I'd rather have the zone checked by a DNS server (during build time of the configs). Overall it's perhaps a personal preference of not introducing yet another format unless there's some significant benefit, but I might be a little biased due to knowing the zonefile format (though I know lots of nix as well).
I'm not sure whether it's such a big difference; I think nix is quite good with string manipulation, though perhaps those functions are a little more cumbersome: lib.concatMapStringsSep "\n" (x: "${x.hostName} A ${x.ipAddress}") |
The DNS server still checks the format, this merely adds an additional check during compile-time (to prevent failure upon deployment).
I guess you are right, it's a matter of preference, everyone can easily write his/her own zone-file generator on a per-project basis. To add a comparison of the two configuration methods (both would be possible after the change): {
name = ".";
file =
let
enries = [
{ name = "ns"; value = "192.168.1.1"; }
{ name = "webserver"; value = "192.168.1.1"; }
];
primary_name = "ns.example.org";
mail = "admin.example.org";
in
pkgs.writeText "root.zone" ''
$TTL 3600
. IN SOA ${primary_name}. ${mail}. ( 1 8h 2h 4w 1d )
. IN NS ${primary_name}.
${lib.concatMapStringsSep "\n" (x: "${x.name} A ${x.value}") entries}
'';
}{
name = "example.org";
file = {
serial = 1;
name_primary = "ns"; # default value - not required
owner = "admin.example.org"; # default generated value - not required
records = [
{ name = "ns"; value = "192.168.1.1"; }
{ name = "webserver"; value = "192.168.1.1"; }
];
};
}Note: this is pseudo code (aka i didn't run it) |
Probably somewhere inside the |
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
stale
bot
removed
the
2.status: stale
|
I marked this as stale due to inactivity. → More info |
stale
bot
added
the
2.status: stale
Motivation for this change
This PR will allow the declaration of zone-files with a nix expression.
Minimal example:
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)