Age | Commit message (Collapse) | Author |
|
* gnu/services/dns.scm (knot-shepherd-service): Add 'actions' field.
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[cpe-id]: Change cpe-id
default value to #f instead of #t.
|
|
* gnu/service/dns.scm: (<dnsmasq-configuration>)[servers-file]: Add.
(<dnsmasq-configuration>)[tftp-secure?]: Fix typo in parameter name.
* doc/guix.texi: Document (<dnsmasq-configuration>)[servers-file].
Signed-off-by: Andrew Tropin <andrew@trop.in>
|
|
The Knot DNS service in Guix uses two days, or 48 hours, for the SOA
refresh interval but that is outside the range of RFC 1912, which is
entitled "Common DNS Operational and Configuration Errors." [1]
Section 2.2 of RFC 1912 recommends a maximum of 12 hours for the SOA
refresh rate: "You can keep it short (20 mins to 2 hours) if you
aren't worried about a small increase in bandwidth used, or longer
(2-12 hours) if your Internet connection is slow or is started on
demand."
This commit sets the default refresh interval at the nearest value
recommended by the standard, which is 12 hours.
Due to the widespread adoption of NOTIFY messages between primary and
secondary DNS servers, the SOA refresh interval has arguably lost some
importance, but the Guix default should still be in line with the
standards.
Values outside the recommended range can provoke warning messages from
services commonly used to find bugs in DNS configurations, such as the
MX Toolbox Super Tool. [2]
[1] https://datatracker.ietf.org/doc/rfc1912/
[2] https://mxtoolbox.com/SuperTool.aspx
* gnu/services/dns.scm (<zone-file>)[refresh]: Default to (* 12 3600).
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
* gnu/services/dns.scm (ddclient-activation): Remove (ice-9 rdelim) from the
with-imported-modules form.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>): Add
forward-private-reverse-lookup?, strict-order? and cpe-id options.
(dnsmasq-shepherd-service): Pass added options to dnsmasq and use
match-record instead of match-lambda.
* doc/guix.texi (Guix Services): Document options added to dnsmasq.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/authentication.scm (fprintd-configuration)
(nslcd-configuration): Substitute file-like objects for package ones.
* gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration):
Likewise.
* gnu/services/cups.scm (package-list?, cups-configuration): Likewise.
* gnu/services/dns.scm (verify-knot-configuration)
(ddclient-configuration): Likewise.
* gnu/services/docker.scm (docker-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise.
* gnu/services/getmail.scm (getmail-configuration): Likewise.
* gnu/services/mail.scm (dovecot-configuration)
(opaque-dovecot-configuration): Likewise.
* gnu/services/messaging.scm (prosody-configuration)
(opaque-prosody-configuration): Likewise.
* gnu/services/monitoring.scm (zabbix-server-configuration)
(zabbix-agent-configuration): Likewise.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-configuration): Likewise.
* gnu/services/virtualization.scm (libvirt-configuration)
(qemu-guest-agent-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
|
|
It is now silently ignored by knotd.
* gnu/services/dns.scm (<knot-zone-configuration>):
Remove DISABLE-ANY? field. Adjust all previous users.
* doc/guix.texi (DNS Services): Undocument it.
|
|
* gnu/services/dns.scm (dnsmasq-activation): New procedure …
(dnsmasq-service-type): … use it.
|
|
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
|
|
* gnu/services/dns.scm (verify-knot-key-configuration): Fix the
order of memq arguments.
(verify-knot-keystore-configuration): Likewise.
(verify-knot-acl-configuration): Replace fold with every procedure.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
This silences a warning from the service at startup.
* gnu/services/dns.scm (knot-resolver-shepherd-services)[start]: Use the "-n"
command-line option to kresd in place of the deprecated "-f 1".
Signed-off-by: Leo Famulari <leo@famulari.name>
|
|
* gnu/services/dns.scm (<dnsmasq-configuration>): Add TFTP configuration
fields.
(dnsmasq-shepherd-service): Use them.
* doc/guix.texi (DNS Services): Document them.
|
|
* gnu/services/dbus.scm (polkit-service-type)[description]: New field.
* gnu/services/dict.scm (dicod-service-type)[description]: New field.
* gnu/services/dns.scm (knot-service-type)[description]: New field.
* gnu/services/networking.scm (dhcpd-service-type)[description]: New field.
* gnu/services/shepherd.scm (shepherd-root-service-type)[description]:
New field.
* gnu/services/xorg.scm (slim-service-type)[description]: New field.
(screen-locker-service-type)[description]: New field.
* gnu/system/pam.scm (pam-root-service-type)[description]: New field.
* gnu/system/shadow.scm (account-service-type)[description]: New field.
|
|
Introduce a new `addresses' field that translates to passing `--address='
multiple times to dnsmasq.
* gnu/services/dns.scm (<dnsmasq-configuration>): Add an addresses field.
(dnsmasq-shepherd-service): Match the addresses field and translate it to
multiple '--address=' flags.
* doc/guix.texi (DNS Services): Document it.
Signed-off-by: 宋文武 <iyzsong@member.fsf.org>
|
|
* gnu/services/dns.scm (%kresd.conf): Add /var/cache/knot-resolver/root.keys
as the root TA.
|
|
* gnu/services/dns.scm (<knot-resolver-configuration>): New record type.
(knot-resolver-activation, knot-resolver-shpherd-services): New procedures.
(%knot-resolver-accounts, %kresd.conf, knot-resolver-service-type): New
variables.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm: Fix typos.
|
|
* gnu/services/dns.scm (knot-zone-configuration)[zonefile-load]
[journal-content, max-journal-usage, max-journal-depth, max-zone-size]:
New fields.
(knot-zone-config): Serialize them.
* doc/guix.texi (DNS Services): Document them.
|
|
Fixes a regression introduced in
92eb600f8a94afa36142f8f145efaa485b632433.
* gnu/services/dns.scm (knot-config-file): Add ungexp around call to
'knot-configuration-includes'.
|
|
* gnu/services/dns.scm (format-string-list): Fix formating of lists with
only one symbol.
|
|
* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
|
|
This patch fixes warnings about unrecognized keywords in logs.
* gnu/services/dns.scm (serialize-field): Skip some field names.
|
|
* gnu/services/dns.scm (ddclient-activation): Fix procedure.
|
|
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm (dnsmasq-service-type)
[default-value, description]: New fields.
|
|
The 'no-negcache?' option is mapped to the '--no-negcache' command-line
argument directly, but we're in the scheme world, where the general guideline
is to avoid double-negations in identifiers.
* gnu/services/dns.scm <dnsmasq-configuration>: Replace the 'no-negcache?'
field with 'negative-cache?'.
* doc/guix.texi (DNS Services)[Dnsmasq Service]: Adjust accordingly.
|
|
* gnu/services/dns.scm (dnsmasq-service-type): New variable.
(<dnsmasq-configuration>): New record type.
(dnsmasq-shepherd-service): New procedure.
* doc/guix.texi (DNS Services): Document it.
|
|
* gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers
instead of duration strings.
(verify-knot-policy-configuration): Fix typo.
* doc/guix.texi (DNS Services): Update documentation.
|
|
* gnu/services/dns.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (DNS Services): New subsubsection.
|