Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add modules for tinydns and dnscache from djbdns #29450

Merged
merged 4 commits into from Sep 24, 2017
Merged

Add modules for tinydns and dnscache from djbdns #29450

merged 4 commits into from Sep 24, 2017

Conversation

jerith666
Copy link
Contributor

@jerith666 jerith666 commented Sep 16, 2017
edited

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Mic92
Mic92 reviewed Sep 16, 2017
View reviewed changes
pkgs/tools/networking/djbdns/default.nix
mv -iv djbdns-man/*.$n man/man$n;
done;
rm -rv djbdns-man;
'';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about meta? Do you want to maintain this package?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, forgot to add that -- fixed in new commits!

@jerith666
Copy link
Contributor Author

@Mic92 your commits afd58bd and 9f80f65 also look like good improvements, I'll test them as soon as I can.

joachifm
joachifm reviewed Sep 17, 2017
View reviewed changes
nixos/modules/services/networking/tinydns.nix Outdated
wantedBy = [ "multi-user.target" ];
path = with pkgs; [ daemontools djbdns ];
preStart = ''
rm -rf /var/lib/tinydns;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the data is nuked on every startup, is there a benefit to allocating a static uid?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think not, but I didn't realize until I saw @Mic92's commits that it was even possible to not allocate a static uid. :) Will look into it.

Mic92
Mic92 reviewed Sep 17, 2017
View reviewed changes
nixos/modules/misc/ids.nix Outdated
@@ -297,6 +297,8 @@
clickhouse = 278;
rslsync = 279;
minio = 280;
tinydns = 281;
dnscache = 282;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why did you remove these commits again?

@jerith666
nixos/tinydns: add module
ab851b6 
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
@jerith666
nixos/dnscache: add module
1b7e5ea 
with improvements suggested by Jörg Thalheim <joerg@thalheim.io>
@jerith666
Copy link
Contributor Author

Okay, I think all the issues have been addressed in the new versions of these commits that I just pushed. I've confirmed that I get working dns servers out of all of this. Please have another look -- thanks!

joachifm
joachifm reviewed Sep 24, 2017
View reviewed changes
nixos/modules/services/networking/dnscache.nix

config = mkIf config.services.dnscache.enable {
environment.systemPackages = [ pkgs.djbdns ];
users.extraUsers.dnscache = {};
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the dnscache service supposed to run as this user? If so, add serviceConfig.User = "dnscache" to the unit definition below. I expect it then needs PermissionsStartOnly = true as well for the preStart script to work.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or does it do privsep itself, perhaps?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does it itself also because it binds port 53.

@Mic92
nixos/tinydns: default data to empty string
735b41c 
(not strictly required to start the service)
@Mic92 Mic92 merged commit 975c7b2 into NixOS:master Sep 24, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joachifm joachifm joachifm left review comments

@Mic92 Mic92 Mic92 left review comments

Assignees
No one assigned
Labels
8.has: module (new)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@jerith666 @joachifm @Mic92 @peterhoeg