diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2019-01-10 10:48:50 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2019-01-10 11:00:40 +0100 |
commit | 829ada37bfd5ded69b874ff23e6c313b5cbfc678 (patch) | |
tree | d6e655c55b64d3820983fced0f39b6b2cea78b70 /nixos/modules | |
parent | 8fc21a347e06c11afeba08ca8a868a4537e51f5f (diff) | |
parent | 6446d9eee88e6a708f7d48c69bb0d9001bac9f7a (diff) | |
download | nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar.gz nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar.bz2 nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar.lz nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar.xz nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.tar.zst nixlib-829ada37bfd5ded69b874ff23e6c313b5cbfc678.zip |
Merge #53365: nixos/nsd: Don't override bind via nixpkgs.config
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/networking/nsd.nix | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix index cde47bf23eae..8b918dab86dd 100644 --- a/nixos/modules/services/networking/nsd.nix +++ b/nixos/modules/services/networking/nsd.nix @@ -435,7 +435,9 @@ let dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs); - dnssec = length (attrNames dnssecZones) != 0; + dnssec = dnssecZones != {}; + + dnssecTools = pkgs.bind.override { enablePython = true; }; signZones = optionalString dnssec '' mkdir -p ${stateDir}/dnssec @@ -445,8 +447,8 @@ let ${concatStrings (mapAttrsToList signZone dnssecZones)} ''; signZone = name: zone: '' - ${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name} - ${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name} + ${dnssecTools}/bin/dnssec-keymgr -g ${dnssecTools}/bin/dnssec-keygen -s ${dnssecTools}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name} + ${dnssecTools}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name} ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name} ''; policyFile = name: policy: pkgs.writeText "${name}.policy" '' @@ -953,10 +955,6 @@ in ''; }; - nixpkgs.config = mkIf dnssec { - bind.enablePython = true; - }; - systemd.timers."nsd-dnssec" = mkIf dnssec { description = "Automatic DNSSEC key rollover"; |