author | Michael Weiss <dev.primeos@gmail.com> | 2020-05-25 14:01:26 +0200 |
---|---|---|
committer | Michael Weiss <dev.primeos@gmail.com> | 2020-05-25 18:13:39 +0200 |
commit | 993baa587c4b82e791686f6ce711bcd4ee8ef933 (patch) | |
tree | a8d4958eefbd0a2ce5ef6a0aa0552000e3322e04 /nixos | |
parent | 837ec31493bc1daf5fbbbf651199b4cee4d073b7 (diff) | |
nixos: Require networking.hostName to be a valid DNS label

This also means that the hostname must not contain the domain name part anymore (i.e. must not be a FQDN). See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1].

Note: For legacy reasons we also allow underscores inside of the label but this is not recommended and intentionally left undocumented.

[0]: https://tools.ietf.org/html/rfc1035
[1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname

Co-authored-by: zimbatm <zimbatm@zimbatm.com>

Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2009.xml | 10 | ||||
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 16 |
2 files changed, 23 insertions, 3 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 3166f98907cd..e17e8ac24d13 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -431,6 +431,16 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ]; <literal>networking.hosts = lib.mkForce { "127.0.1.1" = [ config.networking.hostName ]; };</literal>. </para> </listitem> + <listitem> + <para> + The hostname (<literal>networking.hostName</literal>) must now be a valid + DNS label (see RFC 1035) and as such must not contain the domain part. + This means that the hostname must start with a letter, end with a letter + or digit, and have as interior characters only letters, digits, and + hyphen. The maximum length is 63 characters. Additionally it is + recommended to only use lower-case characters. + </para> + </listitem> </itemizedlist> </section> diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 44677d417ead..12cff6b038f8 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix 
@@ -376,10 +376,20 @@ in networking.hostName = mkOption { default = "nixos"; - type = types.str; + # Only allow hostnames without the domain name part (i.e. no FQDNs, see + # e.g. "man 5 hostname") and require valid DNS labels (recommended + # syntax). Note: We also allow underscores for compatibility/legacy + # reasons (as undocumented feature): + type = types.strMatching + "^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$"; description = '' - The name of the machine. Leave it empty if you want to obtain - it from a DHCP server (if using DHCP). + The name of the machine. Leave it empty if you want to obtain it from a + DHCP server (if using DHCP). The hostname must be a valid DNS label (see + RFC 1035 section 2.3.1: "Preferred name syntax") and as such must not + contain the domain part. This means that the hostname must start with a + letter, end with a letter or digit, and have as interior characters only + letters, digits, and hyphen. The maximum length is 63 characters. + Additionally it is recommended to only use lower-case characters. ''; }; |
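Review bot: The new listitem in rl-2009.xml states the constraint but gives no migration step for configurations that currently set networking.hostName to an FQDN, which after this change will fail the option's type check. Please add a sentence saying that such a value is now rejected at evaluation time and naming the option that should carry the domain part instead, so that users upgrading to 20.09 know what to change rather than only what is forbidden.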
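Review bot: In network-interfaces.nix the new pattern "^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$" requires at least one leading letter, so the empty string no longer type-checks, while the description kept in the same hunk still says "Leave it empty if you want to obtain it from a DHCP server". Either add an empty alternative to the pattern (for example a leading "^$|") or drop that sentence from the description and call out the behaviour change in the release notes. The length bound itself is correct (1 + 61 + 1 = 63 characters). A short comment next to the pattern explaining that a leading digit is rejected on purpose would also help, since the description says so but the regex is the part people will copy.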