Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/host-sink: init task module #47518

Closed
wants to merge 1 commit into from
Closed

nixos/host-sink: init task module #47518

wants to merge 1 commit into from

Conversation

edwtjo
Copy link
Member

@edwtjo edwtjo commented Sep 29, 2018

Motivation for this change

This appends known ads- and tracker hosts to the /etc/hosts and if services.unbound.enable to its extra config as local-data A entries. I'm personally a bit ambivalent to this change since it:

  1. Is nice to get rid of known bad hosts.
  2. It uses shaless builtins.fetchurl, with the problems that entails, to retrieve the upstream hosts lists in order to avoid pounding this module with shachanges.
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@mmahut
Copy link
Member

mmahut commented Aug 9, 2019

Any updates on this pull request, please?

@redvers
Copy link
Member

redvers commented Nov 19, 2019

I'm evaluating it now. I'm pretty conservative when it comes to downloading arbitrary things so it may take a few hours for me to check for things like potential command injection.

@redvers
Copy link
Member

redvers commented Nov 19, 2019

This branch is 48653 behind master - can you bring it up to current please?

@edwtjo edwtjo requested a review from infinisil as a code owner March 12, 2020 18:37
@infinisil
Copy link
Member

There is #80113 that adds StevenBlack-hosts, and I just introduced #81945 such that such modules wouldn't have to resort to importing from a derivation to add host files, which this PR can now use too (but not for unbound :/)

However this PR in its current state is a no-go, simply because it's not reproducible (in addition to the not-so-nice builtins.readFile). This seems like a good candidate for NUR instead (or Flakes in the future).

@edwtjo
Copy link
Member Author

edwtjo commented Mar 12, 2020

@infinisil great, I was never a fan of this PR

@edwtjo edwtjo closed this Mar 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@infinisil infinisil Awaiting requested review from infinisil

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@edwtjo @mmahut @redvers @infinisil @GrahamcOfBorg