Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/bind: Allow to set extra options #40053

Closed
wants to merge 1 commit into from
Closed

nixos/bind: Allow to set extra options #40053

wants to merge 1 commit into from

Conversation

aszlig
Copy link
Member

@aszlig aszlig commented May 7, 2018

BIND doesn't allow the options section (or any section I'd guess) to be defined more than once, so whenever you want to set an additional option you're stuck using weird hacks like this:

{ services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ]; }

This basically exploits the fact that values coming from the module options aren't escaped and thus works in a similar vain to how SQL injection works.

Another option would be to just set configFile to a file that includes all the options, including zones. That obviously makes the configuration way less extensible and more awkward to use with the module system.

To make sure this change does work correctly I added a small test just for that. The test could use some improvements, but better to have a test rather than none at all. For a future improvement the test could be merged with the NSD test, because both use the same zone file format.

@aszlig
nixos/bind: Allow to set extra options
fde3a50 
BIND doesn't allow the options section (or any section I'd guess) to be
defined more than once, so whenever you want to set an additional option
you're stuck using weird hacks like this:

services.bind.forwarders = lib.mkForce [ "}; empty-zones-enable no; #" ];

This basically exploits the fact that values coming from the module
options aren't escaped and thus works in a similar vain to how SQL
injection works.

Another option would be to just set configFile to a file that includes
all the options, including zones. That obviously makes the configuration
way less extensible and more awkward to use with the module system.

To make sure this change does work correctly I added a small test just
for that. The test could use some improvements, but better to have a
test rather than none at all. For a future improvement the test could be
merged with the NSD test, because both use the same zone file format.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @peti, @edolstra
@aszlig aszlig requested review from peti and edolstra May 7, 2018 01:37
peti
peti approved these changes May 7, 2018
View reviewed changes
Copy link
Member

@peti peti left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like it! :-)

@aszlig aszlig closed this in 94bc38e May 30, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peti peti peti approved these changes

@edolstra edolstra Awaiting requested review from edolstra

Assignees
No one assigned
Labels
0.kind: enhancement 6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 0 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aszlig @peti @GrahamcOfBorg