2017-05-01 15:41:45 -04:00
|
|
|
|
;;; GNU Guix --- Functional package management for GNU
|
|
|
|
|
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
|
2020-04-10 12:00:47 -04:00
|
|
|
|
;;; Copyright © 2020 Pierre Langlois <pierre.langlois@gmx.com>
|
2021-02-14 06:57:32 -05:00
|
|
|
|
;;; Copyright © 2021 Maxime Devos <maximedevos@telenet.be>
|
2017-05-01 15:41:45 -04:00
|
|
|
|
;;;
|
|
|
|
|
;;; This file is part of GNU Guix.
|
|
|
|
|
;;;
|
|
|
|
|
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
|
|
|
|
;;; under the terms of the GNU General Public License as published by
|
|
|
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
|
|
|
;;; your option) any later version.
|
|
|
|
|
;;;
|
|
|
|
|
;;; GNU Guix is distributed in the hope that it will be useful, but
|
|
|
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
;;; GNU General Public License for more details.
|
|
|
|
|
;;;
|
|
|
|
|
;;; You should have received a copy of the GNU General Public License
|
|
|
|
|
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
(define-module (gnu services dns)
|
|
|
|
|
#:use-module (gnu services)
|
|
|
|
|
#:use-module (gnu services configuration)
|
|
|
|
|
#:use-module (gnu services shepherd)
|
|
|
|
|
#:use-module (gnu system shadow)
|
|
|
|
|
#:use-module (gnu packages admin)
|
|
|
|
|
#:use-module (gnu packages dns)
|
|
|
|
|
#:use-module (guix packages)
|
|
|
|
|
#:use-module (guix records)
|
|
|
|
|
#:use-module (guix gexp)
|
2021-02-14 06:57:32 -05:00
|
|
|
|
#:use-module (guix modules)
|
2017-05-01 15:41:45 -04:00
|
|
|
|
#:use-module (srfi srfi-1)
|
2018-06-02 11:23:45 -04:00
|
|
|
|
#:use-module (srfi srfi-26)
|
2017-05-01 15:41:45 -04:00
|
|
|
|
#:use-module (srfi srfi-34)
|
|
|
|
|
#:use-module (srfi srfi-35)
|
|
|
|
|
#:use-module (ice-9 match)
|
|
|
|
|
#:use-module (ice-9 regex)
|
|
|
|
|
#:export (knot-service-type
|
|
|
|
|
knot-acl-configuration
|
|
|
|
|
knot-key-configuration
|
|
|
|
|
knot-keystore-configuration
|
|
|
|
|
knot-zone-configuration
|
|
|
|
|
knot-remote-configuration
|
|
|
|
|
knot-policy-configuration
|
|
|
|
|
knot-configuration
|
|
|
|
|
define-zone-entries
|
|
|
|
|
zone-file
|
2018-06-02 11:23:45 -04:00
|
|
|
|
zone-entry
|
|
|
|
|
|
2019-11-09 04:05:50 -05:00
|
|
|
|
knot-resolver-service-type
|
|
|
|
|
knot-resolver-configuration
|
|
|
|
|
|
2018-06-02 11:23:45 -04:00
|
|
|
|
dnsmasq-service-type
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
dnsmasq-configuration
|
|
|
|
|
|
|
|
|
|
ddclient-service-type
|
|
|
|
|
ddclient-configuration))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
|
|
|
|
|
;;;
|
|
|
|
|
;;; Knot DNS.
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-key-configuration>
|
|
|
|
|
knot-key-configuration make-knot-key-configuration
|
|
|
|
|
knot-key-configuration?
|
|
|
|
|
(id knot-key-configuration-id
|
|
|
|
|
(default ""))
|
|
|
|
|
(algorithm knot-key-configuration-algorithm
|
|
|
|
|
(default #f)); one of #f, or an algorithm name
|
|
|
|
|
(secret knot-key-configuration-secret
|
|
|
|
|
(default "")))
|
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-acl-configuration>
|
|
|
|
|
knot-acl-configuration make-knot-acl-configuration
|
|
|
|
|
knot-acl-configuration?
|
|
|
|
|
(id knot-acl-configuration-id
|
|
|
|
|
(default ""))
|
|
|
|
|
(address knot-acl-configuration-address
|
|
|
|
|
(default '()))
|
|
|
|
|
(key knot-acl-configuration-key
|
|
|
|
|
(default '()))
|
|
|
|
|
(action knot-acl-configuration-action
|
|
|
|
|
(default '()))
|
|
|
|
|
(deny? knot-acl-configuration-deny?
|
|
|
|
|
(default #f)))
|
|
|
|
|
|
|
|
|
|
(define-record-type* <zone-entry>
|
|
|
|
|
zone-entry make-zone-entry
|
|
|
|
|
zone-entry?
|
|
|
|
|
(name zone-entry-name
|
|
|
|
|
(default "@"))
|
|
|
|
|
(ttl zone-entry-ttl
|
|
|
|
|
(default ""))
|
|
|
|
|
(class zone-entry-class
|
|
|
|
|
(default "IN"))
|
|
|
|
|
(type zone-entry-type
|
|
|
|
|
(default "A"))
|
|
|
|
|
(data zone-entry-data
|
|
|
|
|
(default "")))
|
|
|
|
|
|
|
|
|
|
(define-record-type* <zone-file>
|
|
|
|
|
zone-file make-zone-file
|
|
|
|
|
zone-file?
|
|
|
|
|
(entries zone-file-entries
|
|
|
|
|
(default '()))
|
|
|
|
|
(origin zone-file-origin
|
|
|
|
|
(default ""))
|
|
|
|
|
(ns zone-file-ns
|
|
|
|
|
(default "ns"))
|
|
|
|
|
(mail zone-file-mail
|
|
|
|
|
(default "hostmaster"))
|
|
|
|
|
(serial zone-file-serial
|
|
|
|
|
(default 1))
|
|
|
|
|
(refresh zone-file-refresh
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 2 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(retry zone-file-retry
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 15 60)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(expiry zone-file-expiry
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 2 7 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(nx zone-file-nx
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(define-record-type* <knot-keystore-configuration>
|
|
|
|
|
knot-keystore-configuration make-knot-keystore-configuration
|
|
|
|
|
knot-keystore-configuration?
|
|
|
|
|
(id knot-keystore-configuration-id
|
|
|
|
|
(default ""))
|
|
|
|
|
(backend knot-keystore-configuration-backend
|
|
|
|
|
(default 'pem))
|
|
|
|
|
(config knot-keystore-configuration-config
|
|
|
|
|
(default "/var/lib/knot/keys/keys")))
|
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-policy-configuration>
|
|
|
|
|
knot-policy-configuration make-knot-policy-configuration
|
|
|
|
|
knot-policy-configuration?
|
|
|
|
|
(id knot-policy-configuration-id
|
|
|
|
|
(default ""))
|
|
|
|
|
(keystore knot-policy-configuration-keystore
|
|
|
|
|
(default "default"))
|
|
|
|
|
(manual? knot-policy-configuration-manual?
|
|
|
|
|
(default #f))
|
|
|
|
|
(single-type-signing? knot-policy-configuration-single-type-signing?
|
|
|
|
|
(default #f))
|
|
|
|
|
(algorithm knot-policy-configuration-algorithm
|
|
|
|
|
(default "ecdsap256sha256"))
|
|
|
|
|
(ksk-size knot-policy-configuration-ksk-size
|
|
|
|
|
(default 256))
|
|
|
|
|
(zsk-size knot-policy-configuration-zsk-size
|
|
|
|
|
(default 256))
|
|
|
|
|
(dnskey-ttl knot-policy-configuration-dnskey-ttl
|
|
|
|
|
(default 'default))
|
|
|
|
|
(zsk-lifetime knot-policy-configuration-zsk-lifetime
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 30 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(propagation-delay knot-policy-configuration-propagation-delay
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(rrsig-lifetime knot-policy-configuration-rrsig-lifetime
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 14 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(rrsig-refresh knot-policy-configuration-rrsig-refresh
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 7 24 3600)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(nsec3? knot-policy-configuration-nsec3?
|
|
|
|
|
(default #f))
|
|
|
|
|
(nsec3-iterations knot-policy-configuration-nsec3-iterations
|
|
|
|
|
(default 5))
|
|
|
|
|
(nsec3-salt-length knot-policy-configuration-nsec3-salt-length
|
|
|
|
|
(default 8))
|
|
|
|
|
(nsec3-salt-lifetime knot-policy-configuration-nsec3-salt-lifetime
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(default (* 30 24 3600))))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-zone-configuration>
|
|
|
|
|
knot-zone-configuration make-knot-zone-configuration
|
|
|
|
|
knot-zone-configuration?
|
2019-04-27 06:56:25 -04:00
|
|
|
|
(domain knot-zone-configuration-domain
|
|
|
|
|
(default ""))
|
|
|
|
|
(file knot-zone-configuration-file
|
|
|
|
|
(default "")) ; the file where this zone is saved.
|
|
|
|
|
(zone knot-zone-configuration-zone
|
|
|
|
|
(default (zone-file))) ; initial content of the zone file
|
|
|
|
|
(master knot-zone-configuration-master
|
|
|
|
|
(default '()))
|
|
|
|
|
(ddns-master knot-zone-configuration-ddns-master
|
|
|
|
|
(default #f))
|
|
|
|
|
(notify knot-zone-configuration-notify
|
|
|
|
|
(default '()))
|
|
|
|
|
(acl knot-zone-configuration-acl
|
|
|
|
|
(default '()))
|
|
|
|
|
(semantic-checks? knot-zone-configuration-semantic-checks?
|
|
|
|
|
(default #f))
|
|
|
|
|
(zonefile-sync knot-zone-configuration-zonefile-sync
|
|
|
|
|
(default 0))
|
|
|
|
|
(zonefile-load knot-zone-configuration-zonefile-load
|
|
|
|
|
(default #f))
|
|
|
|
|
(journal-content knot-zone-configuration-journal-content
|
|
|
|
|
(default #f))
|
|
|
|
|
(max-journal-usage knot-zone-configuration-max-journal-usage
|
|
|
|
|
(default #f))
|
|
|
|
|
(max-journal-depth knot-zone-configuration-max-journal-depth
|
|
|
|
|
(default #f))
|
|
|
|
|
(max-zone-size knot-zone-configuration-max-zone-size
|
|
|
|
|
(default #f))
|
|
|
|
|
(dnssec-policy knot-zone-configuration-dnssec-policy
|
|
|
|
|
(default #f))
|
|
|
|
|
(serial-policy knot-zone-configuration-serial-policy
|
|
|
|
|
(default 'increment)))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-remote-configuration>
|
|
|
|
|
knot-remote-configuration make-knot-remote-configuration
|
|
|
|
|
knot-remote-configuration?
|
|
|
|
|
(id knot-remote-configuration-id
|
|
|
|
|
(default ""))
|
|
|
|
|
(address knot-remote-configuration-address
|
|
|
|
|
(default '()))
|
|
|
|
|
(via knot-remote-configuration-via
|
|
|
|
|
(default '()))
|
|
|
|
|
(key knot-remote-configuration-key
|
|
|
|
|
(default #f)))
|
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-configuration>
|
|
|
|
|
knot-configuration make-knot-configuration
|
|
|
|
|
knot-configuration?
|
|
|
|
|
(knot knot-configuration-knot
|
|
|
|
|
(default knot))
|
|
|
|
|
(run-directory knot-configuration-run-directory
|
|
|
|
|
(default "/var/run/knot"))
|
2019-04-19 16:20:03 -04:00
|
|
|
|
(includes knot-configuration-includes
|
|
|
|
|
(default '()))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(listen-v4 knot-configuration-listen-v4
|
|
|
|
|
(default "0.0.0.0"))
|
|
|
|
|
(listen-v6 knot-configuration-listen-v6
|
|
|
|
|
(default "::"))
|
|
|
|
|
(listen-port knot-configuration-listen-port
|
|
|
|
|
(default 53))
|
|
|
|
|
(keys knot-configuration-keys
|
|
|
|
|
(default '()))
|
|
|
|
|
(keystores knot-configuration-keystores
|
|
|
|
|
(default '()))
|
|
|
|
|
(acls knot-configuration-acls
|
|
|
|
|
(default '()))
|
|
|
|
|
(remotes knot-configuration-remotes
|
|
|
|
|
(default '()))
|
|
|
|
|
(policies knot-configuration-policies
|
|
|
|
|
(default '()))
|
|
|
|
|
(zones knot-configuration-zones
|
|
|
|
|
(default '())))
|
|
|
|
|
|
|
|
|
|
(define-syntax define-zone-entries
|
|
|
|
|
(syntax-rules ()
|
|
|
|
|
((_ id (name ttl class type data) ...)
|
|
|
|
|
(define id (list (make-zone-entry name ttl class type data) ...)))))
|
|
|
|
|
|
|
|
|
|
(define (error-out msg)
|
|
|
|
|
(raise (condition (&message (message msg)))))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-key-configuration key)
|
|
|
|
|
(unless (knot-key-configuration? key)
|
|
|
|
|
(error-out "keys must be a list of only knot-key-configuration."))
|
|
|
|
|
(let ((id (knot-key-configuration-id key)))
|
|
|
|
|
(unless (and (string? id) (not (equal? id "")))
|
|
|
|
|
(error-out "key id must be a non empty string.")))
|
2021-01-30 03:19:32 -05:00
|
|
|
|
(unless (memq (knot-key-configuration-algorithm key)
|
|
|
|
|
'(#f hmac-md5 hmac-sha1 hmac-sha224 hmac-sha256 hmac-sha384 hmac-sha512))
|
|
|
|
|
(error-out "algorithm must be one of: #f, 'hmac-md5, 'hmac-sha1,
|
2017-05-01 15:41:45 -04:00
|
|
|
|
'hmac-sha224, 'hmac-sha256, 'hmac-sha384 or 'hmac-sha512")))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-keystore-configuration keystore)
|
|
|
|
|
(unless (knot-keystore-configuration? keystore)
|
|
|
|
|
(error-out "keystores must be a list of only knot-keystore-configuration."))
|
|
|
|
|
(let ((id (knot-keystore-configuration-id keystore)))
|
|
|
|
|
(unless (and (string? id) (not (equal? id "")))
|
|
|
|
|
(error-out "keystore id must be a non empty string.")))
|
2021-01-30 03:19:32 -05:00
|
|
|
|
(unless (memq (knot-keystore-configuration-backend keystore)
|
|
|
|
|
'(pem pkcs11))
|
|
|
|
|
(error-out "backend must be one of: 'pem or 'pkcs11")))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
|
|
|
|
|
(define (verify-knot-policy-configuration policy)
|
2017-06-10 05:59:18 -04:00
|
|
|
|
(unless (knot-policy-configuration? policy)
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(error-out "policies must be a list of only knot-policy-configuration."))
|
|
|
|
|
(let ((id (knot-policy-configuration-id policy)))
|
|
|
|
|
(unless (and (string? id) (not (equal? id "")))
|
|
|
|
|
(error-out "policy id must be a non empty string."))))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-acl-configuration acl)
|
|
|
|
|
(unless (knot-acl-configuration? acl)
|
|
|
|
|
(error-out "acls must be a list of only knot-acl-configuration."))
|
|
|
|
|
(let ((id (knot-acl-configuration-id acl))
|
|
|
|
|
(address (knot-acl-configuration-address acl))
|
|
|
|
|
(key (knot-acl-configuration-key acl))
|
|
|
|
|
(action (knot-acl-configuration-action acl)))
|
|
|
|
|
(unless (and (string? id) (not (equal? id "")))
|
|
|
|
|
(error-out "acl id must be a non empty string."))
|
|
|
|
|
(unless (and (list? address)
|
2021-01-30 03:19:32 -05:00
|
|
|
|
(every string? address))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(error-out "acl address must be a list of strings.")))
|
|
|
|
|
(unless (boolean? (knot-acl-configuration-deny? acl))
|
|
|
|
|
(error-out "deny? must be #t or #f.")))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-zone-configuration zone)
|
|
|
|
|
(unless (knot-zone-configuration? zone)
|
|
|
|
|
(error-out "zones must be a list of only knot-zone-configuration."))
|
|
|
|
|
(let ((domain (knot-zone-configuration-domain zone)))
|
|
|
|
|
(unless (and (string? domain) (not (equal? domain "")))
|
|
|
|
|
(error-out "zone domain must be a non empty string."))))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-remote-configuration remote)
|
|
|
|
|
(unless (knot-remote-configuration? remote)
|
|
|
|
|
(error-out "remotes must be a list of only knot-remote-configuration."))
|
|
|
|
|
(let ((id (knot-remote-configuration-id remote)))
|
|
|
|
|
(unless (and (string? id) (not (equal? id "")))
|
|
|
|
|
(error-out "remote id must be a non empty string."))))
|
|
|
|
|
|
|
|
|
|
(define (verify-knot-configuration config)
|
|
|
|
|
(unless (package? (knot-configuration-knot config))
|
|
|
|
|
(error-out "knot configuration field must be a package."))
|
|
|
|
|
(unless (string? (knot-configuration-run-directory config))
|
|
|
|
|
(error-out "run-directory must be a string."))
|
2019-04-19 16:20:03 -04:00
|
|
|
|
(unless (list? (knot-configuration-includes config))
|
|
|
|
|
(error-out "includes must be a list of strings or file-like objects."))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(unless (list? (knot-configuration-keys config))
|
|
|
|
|
(error-out "keys must be a list of knot-key-configuration."))
|
|
|
|
|
(for-each (lambda (key) (verify-knot-key-configuration key))
|
|
|
|
|
(knot-configuration-keys config))
|
|
|
|
|
(unless (list? (knot-configuration-keystores config))
|
|
|
|
|
(error-out "keystores must be a list of knot-keystore-configuration."))
|
|
|
|
|
(for-each (lambda (keystore) (verify-knot-keystore-configuration keystore))
|
|
|
|
|
(knot-configuration-keystores config))
|
|
|
|
|
(unless (list? (knot-configuration-acls config))
|
|
|
|
|
(error-out "acls must be a list of knot-acl-configuration."))
|
|
|
|
|
(for-each (lambda (acl) (verify-knot-acl-configuration acl))
|
|
|
|
|
(knot-configuration-acls config))
|
|
|
|
|
(unless (list? (knot-configuration-zones config))
|
|
|
|
|
(error-out "zones must be a list of knot-zone-configuration."))
|
|
|
|
|
(for-each (lambda (zone) (verify-knot-zone-configuration zone))
|
|
|
|
|
(knot-configuration-zones config))
|
|
|
|
|
(unless (list? (knot-configuration-policies config))
|
|
|
|
|
(error-out "policies must be a list of knot-policy-configuration."))
|
|
|
|
|
(for-each (lambda (policy) (verify-knot-policy-configuration policy))
|
|
|
|
|
(knot-configuration-policies config))
|
|
|
|
|
(unless (list? (knot-configuration-remotes config))
|
|
|
|
|
(error-out "remotes must be a list of knot-remote-configuration."))
|
|
|
|
|
(for-each (lambda (remote) (verify-knot-remote-configuration remote))
|
|
|
|
|
(knot-configuration-remotes config))
|
|
|
|
|
#t)
|
|
|
|
|
|
|
|
|
|
(define (format-string-list l)
|
|
|
|
|
"Formats a list of string in YAML"
|
|
|
|
|
(if (eq? l '())
|
|
|
|
|
""
|
|
|
|
|
(let ((l (reverse l)))
|
|
|
|
|
(string-append
|
|
|
|
|
"["
|
|
|
|
|
(fold (lambda (x1 x2)
|
|
|
|
|
(string-append (if (symbol? x1) (symbol->string x1) x1) ", "
|
|
|
|
|
(if (symbol? x2) (symbol->string x2) x2)))
|
2019-04-26 12:36:44 -04:00
|
|
|
|
(if (symbol? (car l)) (symbol->string (car l)) (car l)) (cdr l))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
"]"))))
|
|
|
|
|
|
|
|
|
|
(define (knot-acl-config acls)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (acl-config)
|
|
|
|
|
(let ((id (knot-acl-configuration-id acl-config))
|
|
|
|
|
(address (knot-acl-configuration-address acl-config))
|
|
|
|
|
(key (knot-acl-configuration-key acl-config))
|
|
|
|
|
(action (knot-acl-configuration-action acl-config))
|
|
|
|
|
(deny? (knot-acl-configuration-deny? acl-config)))
|
|
|
|
|
(format #t " - id: ~a\n" id)
|
|
|
|
|
(unless (eq? address '())
|
|
|
|
|
(format #t " address: ~a\n" (format-string-list address)))
|
|
|
|
|
(unless (eq? key '())
|
|
|
|
|
(format #t " key: ~a\n" (format-string-list key)))
|
|
|
|
|
(unless (eq? action '())
|
|
|
|
|
(format #t " action: ~a\n" (format-string-list action)))
|
|
|
|
|
(format #t " deny: ~a\n" (if deny? "on" "off"))))
|
|
|
|
|
acls))))
|
|
|
|
|
|
|
|
|
|
(define (knot-key-config keys)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (key-config)
|
|
|
|
|
(let ((id (knot-key-configuration-id key-config))
|
|
|
|
|
(algorithm (knot-key-configuration-algorithm key-config))
|
|
|
|
|
(secret (knot-key-configuration-secret key-config)))
|
|
|
|
|
(format #t " - id: ~a\n" id)
|
|
|
|
|
(if algorithm
|
|
|
|
|
(format #t " algorithm: ~a\n" (symbol->string algorithm)))
|
|
|
|
|
(format #t " secret: ~a\n" secret)))
|
|
|
|
|
keys))))
|
|
|
|
|
|
|
|
|
|
(define (knot-keystore-config keystores)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (keystore-config)
|
|
|
|
|
(let ((id (knot-keystore-configuration-id keystore-config))
|
|
|
|
|
(backend (knot-keystore-configuration-backend keystore-config))
|
|
|
|
|
(config (knot-keystore-configuration-config keystore-config)))
|
|
|
|
|
(format #t " - id: ~a\n" id)
|
|
|
|
|
(format #t " backend: ~a\n" (symbol->string backend))
|
|
|
|
|
(format #t " config: \"~a\"\n" config)))
|
|
|
|
|
keystores))))
|
|
|
|
|
|
|
|
|
|
(define (knot-policy-config policies)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (policy-config)
|
|
|
|
|
(let ((id (knot-policy-configuration-id policy-config))
|
|
|
|
|
(keystore (knot-policy-configuration-keystore policy-config))
|
|
|
|
|
(manual? (knot-policy-configuration-manual? policy-config))
|
|
|
|
|
(single-type-signing? (knot-policy-configuration-single-type-signing?
|
|
|
|
|
policy-config))
|
|
|
|
|
(algorithm (knot-policy-configuration-algorithm policy-config))
|
|
|
|
|
(ksk-size (knot-policy-configuration-ksk-size policy-config))
|
|
|
|
|
(zsk-size (knot-policy-configuration-zsk-size policy-config))
|
|
|
|
|
(dnskey-ttl (knot-policy-configuration-dnskey-ttl policy-config))
|
|
|
|
|
(zsk-lifetime (knot-policy-configuration-zsk-lifetime policy-config))
|
|
|
|
|
(propagation-delay (knot-policy-configuration-propagation-delay
|
|
|
|
|
policy-config))
|
|
|
|
|
(rrsig-lifetime (knot-policy-configuration-rrsig-lifetime
|
|
|
|
|
policy-config))
|
|
|
|
|
(nsec3? (knot-policy-configuration-nsec3? policy-config))
|
|
|
|
|
(nsec3-iterations (knot-policy-configuration-nsec3-iterations
|
|
|
|
|
policy-config))
|
|
|
|
|
(nsec3-salt-length (knot-policy-configuration-nsec3-salt-length
|
|
|
|
|
policy-config))
|
|
|
|
|
(nsec3-salt-lifetime (knot-policy-configuration-nsec3-salt-lifetime
|
|
|
|
|
policy-config)))
|
|
|
|
|
(format #t " - id: ~a\n" id)
|
|
|
|
|
(format #t " keystore: ~a\n" keystore)
|
|
|
|
|
(format #t " manual: ~a\n" (if manual? "on" "off"))
|
|
|
|
|
(format #t " single-type-signing: ~a\n" (if single-type-signing?
|
|
|
|
|
"on" "off"))
|
|
|
|
|
(format #t " algorithm: ~a\n" algorithm)
|
|
|
|
|
(format #t " ksk-size: ~a\n" (number->string ksk-size))
|
|
|
|
|
(format #t " zsk-size: ~a\n" (number->string zsk-size))
|
|
|
|
|
(unless (eq? dnskey-ttl 'default)
|
|
|
|
|
(format #t " dnskey-ttl: ~a\n" dnskey-ttl))
|
|
|
|
|
(format #t " zsk-lifetime: ~a\n" zsk-lifetime)
|
|
|
|
|
(format #t " propagation-delay: ~a\n" propagation-delay)
|
|
|
|
|
(format #t " rrsig-lifetime: ~a\n" rrsig-lifetime)
|
|
|
|
|
(format #t " nsec3: ~a\n" (if nsec3? "on" "off"))
|
|
|
|
|
(format #t " nsec3-iterations: ~a\n"
|
|
|
|
|
(number->string nsec3-iterations))
|
|
|
|
|
(format #t " nsec3-salt-length: ~a\n"
|
|
|
|
|
(number->string nsec3-salt-length))
|
|
|
|
|
(format #t " nsec3-salt-lifetime: ~a\n" nsec3-salt-lifetime)))
|
|
|
|
|
policies))))
|
|
|
|
|
|
|
|
|
|
(define (knot-remote-config remotes)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (remote-config)
|
|
|
|
|
(let ((id (knot-remote-configuration-id remote-config))
|
|
|
|
|
(address (knot-remote-configuration-address remote-config))
|
|
|
|
|
(via (knot-remote-configuration-via remote-config))
|
|
|
|
|
(key (knot-remote-configuration-key remote-config)))
|
|
|
|
|
(format #t " - id: ~a\n" id)
|
|
|
|
|
(unless (eq? address '())
|
|
|
|
|
(format #t " address: ~a\n" (format-string-list address)))
|
|
|
|
|
(unless (eq? via '())
|
|
|
|
|
(format #t " via: ~a\n" (format-string-list via)))
|
|
|
|
|
(if key
|
|
|
|
|
(format #t " key: ~a\n" key))))
|
|
|
|
|
remotes))))
|
|
|
|
|
|
|
|
|
|
(define (serialize-zone-entries entries)
|
|
|
|
|
(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(for-each
|
|
|
|
|
(lambda (entry)
|
|
|
|
|
(let ((name (zone-entry-name entry))
|
|
|
|
|
(ttl (zone-entry-ttl entry))
|
|
|
|
|
(class (zone-entry-class entry))
|
|
|
|
|
(type (zone-entry-type entry))
|
|
|
|
|
(data (zone-entry-data entry)))
|
|
|
|
|
(format #t "~a ~a ~a ~a ~a\n" name ttl class type data)))
|
|
|
|
|
entries))))
|
|
|
|
|
|
|
|
|
|
(define (serialize-zone-file zone domain)
|
|
|
|
|
(computed-file (string-append domain ".zone")
|
|
|
|
|
#~(begin
|
|
|
|
|
(call-with-output-file #$output
|
|
|
|
|
(lambda (port)
|
|
|
|
|
(format port "$ORIGIN ~a.\n"
|
|
|
|
|
#$(zone-file-origin zone))
|
|
|
|
|
(format port "@ IN SOA ~a ~a (~a ~a ~a ~a ~a)\n"
|
|
|
|
|
#$(zone-file-ns zone)
|
|
|
|
|
#$(zone-file-mail zone)
|
|
|
|
|
#$(zone-file-serial zone)
|
|
|
|
|
#$(zone-file-refresh zone)
|
|
|
|
|
#$(zone-file-retry zone)
|
|
|
|
|
#$(zone-file-expiry zone)
|
|
|
|
|
#$(zone-file-nx zone))
|
|
|
|
|
(format port "~a\n"
|
|
|
|
|
#$(serialize-zone-entries (zone-file-entries zone))))))))
|
|
|
|
|
|
|
|
|
|
(define (knot-zone-config zone)
|
|
|
|
|
(let ((content (knot-zone-configuration-zone zone)))
|
|
|
|
|
#~(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(let ((domain #$(knot-zone-configuration-domain zone))
|
|
|
|
|
(file #$(knot-zone-configuration-file zone))
|
|
|
|
|
(master (list #$@(knot-zone-configuration-master zone)))
|
|
|
|
|
(ddns-master #$(knot-zone-configuration-ddns-master zone))
|
|
|
|
|
(notify (list #$@(knot-zone-configuration-notify zone)))
|
|
|
|
|
(acl (list #$@(knot-zone-configuration-acl zone)))
|
|
|
|
|
(semantic-checks? #$(knot-zone-configuration-semantic-checks? zone))
|
2019-04-27 09:47:28 -04:00
|
|
|
|
(zonefile-sync #$(knot-zone-configuration-zonefile-sync zone))
|
|
|
|
|
(zonefile-load '#$(knot-zone-configuration-zonefile-load zone))
|
2019-04-27 06:56:25 -04:00
|
|
|
|
(journal-content #$(knot-zone-configuration-journal-content zone))
|
|
|
|
|
(max-journal-usage #$(knot-zone-configuration-max-journal-usage zone))
|
|
|
|
|
(max-journal-depth #$(knot-zone-configuration-max-journal-depth zone))
|
|
|
|
|
(max-zone-size #$(knot-zone-configuration-max-zone-size zone))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(dnssec-policy #$(knot-zone-configuration-dnssec-policy zone))
|
|
|
|
|
(serial-policy '#$(knot-zone-configuration-serial-policy zone)))
|
|
|
|
|
(format #t " - domain: ~a\n" domain)
|
|
|
|
|
(if (eq? master '())
|
|
|
|
|
;; This server is a master
|
|
|
|
|
(if (equal? file "")
|
|
|
|
|
(format #t " file: ~a\n"
|
|
|
|
|
#$(serialize-zone-file content
|
|
|
|
|
(knot-zone-configuration-domain zone)))
|
|
|
|
|
(format #t " file: ~a\n" file))
|
|
|
|
|
;; This server is a slave (has masters)
|
|
|
|
|
(begin
|
|
|
|
|
(format #t " master: ~a\n"
|
|
|
|
|
#$(format-string-list
|
|
|
|
|
(knot-zone-configuration-master zone)))
|
|
|
|
|
(if ddns-master (format #t " ddns-master ~a\n" ddns-master))))
|
|
|
|
|
(unless (eq? notify '())
|
|
|
|
|
(format #t " notify: ~a\n"
|
|
|
|
|
#$(format-string-list
|
|
|
|
|
(knot-zone-configuration-notify zone))))
|
|
|
|
|
(unless (eq? acl '())
|
|
|
|
|
(format #t " acl: ~a\n"
|
|
|
|
|
#$(format-string-list
|
|
|
|
|
(knot-zone-configuration-acl zone))))
|
|
|
|
|
(format #t " semantic-checks: ~a\n" (if semantic-checks? "on" "off"))
|
2019-04-27 06:56:25 -04:00
|
|
|
|
(if zonefile-sync
|
|
|
|
|
(format #t " zonefile-sync: ~a\n" zonefile-sync))
|
|
|
|
|
(if zonefile-load
|
|
|
|
|
(format #t " zonefile-load: ~a\n"
|
|
|
|
|
(symbol->string zonefile-load)))
|
|
|
|
|
(if journal-content
|
|
|
|
|
(format #t " journal-content: ~a\n"
|
|
|
|
|
(symbol->string journal-content)))
|
|
|
|
|
(if max-journal-usage
|
|
|
|
|
(format #t " max-journal-usage: ~a\n" max-journal-usage))
|
|
|
|
|
(if max-journal-depth
|
|
|
|
|
(format #t " max-journal-depth: ~a\n" max-journal-depth))
|
|
|
|
|
(if max-zone-size
|
|
|
|
|
(format #t " max-zone-size: ~a\n" max-zone-size))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(if dnssec-policy
|
|
|
|
|
(begin
|
|
|
|
|
(format #t " dnssec-signing: on\n")
|
|
|
|
|
(format #t " dnssec-policy: ~a\n" dnssec-policy)))
|
|
|
|
|
(format #t " serial-policy: ~a\n"
|
|
|
|
|
(symbol->string serial-policy)))))))
|
|
|
|
|
|
|
|
|
|
(define (knot-config-file config)
|
|
|
|
|
(verify-knot-configuration config)
|
|
|
|
|
(computed-file "knot.conf"
|
|
|
|
|
#~(begin
|
|
|
|
|
(call-with-output-file #$output
|
|
|
|
|
(lambda (port)
|
2019-04-26 18:19:41 -04:00
|
|
|
|
(for-each (lambda (inc)
|
|
|
|
|
(format port "include: ~a\n" inc))
|
|
|
|
|
'#$(knot-configuration-includes config))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
(format port "server:\n")
|
|
|
|
|
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
|
|
|
|
|
(format port " user: knot\n")
|
|
|
|
|
(format port " listen: ~a@~a\n"
|
|
|
|
|
#$(knot-configuration-listen-v4 config)
|
|
|
|
|
#$(knot-configuration-listen-port config))
|
|
|
|
|
(format port " listen: ~a@~a\n"
|
|
|
|
|
#$(knot-configuration-listen-v6 config)
|
|
|
|
|
#$(knot-configuration-listen-port config))
|
|
|
|
|
(format port "\nkey:\n")
|
|
|
|
|
(format port #$(knot-key-config (knot-configuration-keys config)))
|
|
|
|
|
(format port "\nkeystore:\n")
|
|
|
|
|
(format port #$(knot-keystore-config (knot-configuration-keystores config)))
|
|
|
|
|
(format port "\nacl:\n")
|
|
|
|
|
(format port #$(knot-acl-config (knot-configuration-acls config)))
|
|
|
|
|
(format port "\nremote:\n")
|
|
|
|
|
(format port #$(knot-remote-config (knot-configuration-remotes config)))
|
|
|
|
|
(format port "\npolicy:\n")
|
|
|
|
|
(format port #$(knot-policy-config (knot-configuration-policies config)))
|
|
|
|
|
(unless #$(eq? (knot-configuration-zones config) '())
|
|
|
|
|
(format port "\nzone:\n")
|
|
|
|
|
(format port "~a\n"
|
|
|
|
|
(string-concatenate
|
|
|
|
|
(list #$@(map knot-zone-config
|
|
|
|
|
(knot-configuration-zones config)))))))))))
|
|
|
|
|
|
|
|
|
|
(define %knot-accounts
|
|
|
|
|
(list (user-group (name "knot") (system? #t))
|
|
|
|
|
(user-account
|
|
|
|
|
(name "knot")
|
|
|
|
|
(group "knot")
|
|
|
|
|
(system? #t)
|
|
|
|
|
(comment "knot dns server user")
|
|
|
|
|
(home-directory "/var/empty")
|
|
|
|
|
(shell (file-append shadow "/sbin/nologin")))))
|
|
|
|
|
|
|
|
|
|
(define (knot-activation config)
|
2021-02-14 06:57:32 -05:00
|
|
|
|
(with-imported-modules (source-module-closure '((gnu build activation)))
|
|
|
|
|
#~(begin
|
|
|
|
|
(use-modules (gnu build activation))
|
|
|
|
|
(mkdir-p/perms #$(knot-configuration-run-directory config)
|
|
|
|
|
(getpwnam "knot") #o755)
|
|
|
|
|
(mkdir-p/perms "/var/lib/knot" (getpwnam "knot") #o755)
|
|
|
|
|
(mkdir-p/perms "/var/lib/knot/keys" (getpwnam "knot") #o755)
|
|
|
|
|
(mkdir-p/perms "/var/lib/knot/keys/keys" (getpwnam "knot") #o755))))
|
2017-05-01 15:41:45 -04:00
|
|
|
|
|
|
|
|
|
(define (knot-shepherd-service config)
|
|
|
|
|
(let* ((config-file (knot-config-file config))
|
|
|
|
|
(knot (knot-configuration-knot config)))
|
|
|
|
|
(list (shepherd-service
|
|
|
|
|
(documentation "Run the Knot DNS daemon.")
|
|
|
|
|
(provision '(knot dns))
|
|
|
|
|
(requirement '(networking))
|
|
|
|
|
(start #~(make-forkexec-constructor
|
|
|
|
|
(list (string-append #$knot "/sbin/knotd")
|
|
|
|
|
"-c" #$config-file)))
|
|
|
|
|
(stop #~(make-kill-destructor))))))
|
|
|
|
|
|
|
|
|
|
(define knot-service-type
|
|
|
|
|
(service-type (name 'knot)
|
|
|
|
|
(extensions
|
|
|
|
|
(list (service-extension shepherd-root-service-type
|
|
|
|
|
knot-shepherd-service)
|
|
|
|
|
(service-extension activation-service-type
|
|
|
|
|
knot-activation)
|
|
|
|
|
(service-extension account-service-type
|
2020-05-08 10:15:33 -04:00
|
|
|
|
(const %knot-accounts))))
|
|
|
|
|
(description
|
|
|
|
|
"Run @uref{https://www.knot-dns.cz/, Knot}, an authoritative
|
|
|
|
|
name server for the @acronym{DNS, Domain Name System}.")))
|
2018-06-02 11:23:45 -04:00
|
|
|
|
|
2019-11-09 04:05:50 -05:00
|
|
|
|
|
|
|
|
|
;;;
|
|
|
|
|
;;; Knot Resolver.
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
(define-record-type* <knot-resolver-configuration>
|
|
|
|
|
knot-resolver-configuration
|
|
|
|
|
make-knot-resolver-configuration
|
|
|
|
|
knot-resolver-configuration?
|
|
|
|
|
(package knot-resolver-configuration-package
|
|
|
|
|
(default knot-resolver))
|
|
|
|
|
(kresd-config-file knot-resolver-kresd-config-file
|
|
|
|
|
(default %kresd.conf))
|
|
|
|
|
(garbage-collection-interval knot-resolver-garbage-collection-interval
|
|
|
|
|
(default 1000)))
|
|
|
|
|
|
|
|
|
|
(define %kresd.conf
|
|
|
|
|
(plain-file "kresd.conf" "-- -*- mode: lua -*-
|
2020-01-22 07:13:13 -05:00
|
|
|
|
trust_anchors.add_file('/var/cache/knot-resolver/root.keys')
|
2019-11-09 04:05:50 -05:00
|
|
|
|
net = { '127.0.0.1', '::1' }
|
|
|
|
|
user('knot-resolver', 'knot-resolver')
|
|
|
|
|
modules = { 'hints > iterate', 'stats', 'predict' }
|
|
|
|
|
cache.size = 100 * MB
|
|
|
|
|
"))
|
|
|
|
|
|
|
|
|
|
(define %knot-resolver-accounts
|
|
|
|
|
(list (user-group
|
|
|
|
|
(name "knot-resolver")
|
|
|
|
|
(system? #t))
|
|
|
|
|
(user-account
|
|
|
|
|
(name "knot-resolver")
|
|
|
|
|
(group "knot-resolver")
|
|
|
|
|
(system? #t)
|
|
|
|
|
(home-directory "/var/cache/knot-resolver")
|
|
|
|
|
(shell (file-append shadow "/sbin/nologin")))))
|
|
|
|
|
|
|
|
|
|
(define (knot-resolver-activation config)
|
|
|
|
|
#~(begin
|
|
|
|
|
(use-modules (guix build utils))
|
|
|
|
|
(let ((rundir "/var/cache/knot-resolver")
|
|
|
|
|
(owner (getpwnam "knot-resolver")))
|
|
|
|
|
(mkdir-p rundir)
|
|
|
|
|
(chown rundir (passwd:uid owner) (passwd:gid owner)))))
|
|
|
|
|
|
|
|
|
|
(define knot-resolver-shepherd-services
|
|
|
|
|
(match-lambda
|
|
|
|
|
(($ <knot-resolver-configuration> package
|
|
|
|
|
kresd-config-file
|
|
|
|
|
garbage-collection-interval)
|
|
|
|
|
(list
|
|
|
|
|
(shepherd-service
|
|
|
|
|
(provision '(kresd))
|
|
|
|
|
(requirement '(networking))
|
|
|
|
|
(documentation "Run the Knot Resolver daemon.")
|
|
|
|
|
(start #~(make-forkexec-constructor
|
|
|
|
|
'(#$(file-append package "/sbin/kresd")
|
2020-10-27 14:23:19 -04:00
|
|
|
|
"-c" #$kresd-config-file "-n"
|
2019-11-09 04:05:50 -05:00
|
|
|
|
"/var/cache/knot-resolver")))
|
|
|
|
|
(stop #~(make-kill-destructor)))
|
|
|
|
|
(shepherd-service
|
|
|
|
|
(provision '(kres-cache-gc))
|
|
|
|
|
(requirement '(user-processes))
|
|
|
|
|
(documentation "Run the Knot Resolver Garbage Collector daemon.")
|
|
|
|
|
(start #~(make-forkexec-constructor
|
|
|
|
|
'(#$(file-append package "/sbin/kres-cache-gc")
|
|
|
|
|
"-d" #$(number->string garbage-collection-interval)
|
|
|
|
|
"-c" "/var/cache/knot-resolver")
|
|
|
|
|
#:user "knot-resolver"
|
|
|
|
|
#:group "knot-resolver"))
|
|
|
|
|
(stop #~(make-kill-destructor)))))))
|
|
|
|
|
|
|
|
|
|
(define knot-resolver-service-type
|
|
|
|
|
(service-type
|
|
|
|
|
(name 'knot-resolver)
|
|
|
|
|
(extensions
|
|
|
|
|
(list (service-extension shepherd-root-service-type
|
|
|
|
|
knot-resolver-shepherd-services)
|
|
|
|
|
(service-extension activation-service-type
|
|
|
|
|
knot-resolver-activation)
|
|
|
|
|
(service-extension account-service-type
|
|
|
|
|
(const %knot-resolver-accounts))))
|
|
|
|
|
(default-value (knot-resolver-configuration))
|
|
|
|
|
(description "Run the Knot DNS Resolver.")))
|
|
|
|
|
|
2018-06-02 11:23:45 -04:00
|
|
|
|
|
|
|
|
|
;;;
|
|
|
|
|
;;; Dnsmasq.
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
(define-record-type* <dnsmasq-configuration>
|
|
|
|
|
dnsmasq-configuration make-dnsmasq-configuration
|
|
|
|
|
dnsmasq-configuration?
|
|
|
|
|
(package dnsmasq-configuration-package
|
|
|
|
|
(default dnsmasq)) ;package
|
|
|
|
|
(no-hosts? dnsmasq-configuration-no-hosts?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(port dnsmasq-configuration-port
|
|
|
|
|
(default 53)) ;integer
|
|
|
|
|
(local-service? dnsmasq-configuration-local-service?
|
|
|
|
|
(default #t)) ;boolean
|
|
|
|
|
(listen-addresses dnsmasq-configuration-listen-address
|
|
|
|
|
(default '())) ;list of string
|
|
|
|
|
(resolv-file dnsmasq-configuration-resolv-file
|
|
|
|
|
(default "/etc/resolv.conf")) ;string
|
|
|
|
|
(no-resolv? dnsmasq-configuration-no-resolv?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(servers dnsmasq-configuration-servers
|
|
|
|
|
(default '())) ;list of string
|
2020-04-10 12:00:47 -04:00
|
|
|
|
(addresses dnsmasq-configuration-addresses
|
|
|
|
|
(default '())) ;list of string
|
2018-06-02 11:23:45 -04:00
|
|
|
|
(cache-size dnsmasq-configuration-cache-size
|
|
|
|
|
(default 150)) ;integer
|
2018-06-08 11:12:37 -04:00
|
|
|
|
(negative-cache? dnsmasq-configuration-negative-cache?
|
2020-09-27 15:06:30 -04:00
|
|
|
|
(default #t)) ;boolean
|
|
|
|
|
(tftp-enable? dnsmasq-configuration-tftp-enable?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-no-fail? dnsmasq-configuration-tftp-no-fail?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-single-port? dnsmasq-configuration-tftp-single-port?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-secure? dnsmasq-tftp-secure?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-max dnsmasq-tftp-max
|
|
|
|
|
(default #f)) ;integer
|
|
|
|
|
(tftp-mtu dnsmasq-tftp-mtu
|
|
|
|
|
(default #f)) ;integer
|
|
|
|
|
(tftp-no-blocksize? dnsmasq-tftp-no-blocksize?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-lowercase? dnsmasq-tftp-lowercase?
|
|
|
|
|
(default #f)) ;boolean
|
|
|
|
|
(tftp-port-range dnsmasq-tftp-port-range
|
|
|
|
|
(default #f)) ;string
|
|
|
|
|
(tftp-root dnsmasq-tftp-root
|
|
|
|
|
(default "/var/empty,lo")) ;string
|
|
|
|
|
(tftp-unique-root dnsmasq-tftp-unique-root
|
|
|
|
|
(default #f))) ;"" or "ip" or "mac"
|
2018-06-02 11:23:45 -04:00
|
|
|
|
|
|
|
|
|
(define dnsmasq-shepherd-service
|
|
|
|
|
(match-lambda
|
|
|
|
|
(($ <dnsmasq-configuration> package
|
|
|
|
|
no-hosts?
|
|
|
|
|
port local-service? listen-addresses
|
|
|
|
|
resolv-file no-resolv? servers
|
2020-09-27 15:06:30 -04:00
|
|
|
|
addresses cache-size negative-cache?
|
|
|
|
|
tftp-enable? tftp-no-fail?
|
|
|
|
|
tftp-single-port? tftp-secure?
|
|
|
|
|
tftp-max tftp-mtu tftp-no-blocksize?
|
|
|
|
|
tftp-lowercase? tftp-port-range
|
|
|
|
|
tftp-root tftp-unique-root)
|
2018-06-02 11:23:45 -04:00
|
|
|
|
(shepherd-service
|
|
|
|
|
(provision '(dnsmasq))
|
|
|
|
|
(requirement '(networking))
|
|
|
|
|
(documentation "Run the dnsmasq DNS server.")
|
|
|
|
|
(start #~(make-forkexec-constructor
|
|
|
|
|
'(#$(file-append package "/sbin/dnsmasq")
|
|
|
|
|
"--keep-in-foreground"
|
|
|
|
|
"--pid-file=/run/dnsmasq.pid"
|
|
|
|
|
#$@(if no-hosts?
|
|
|
|
|
'("--no-hosts")
|
|
|
|
|
'())
|
|
|
|
|
#$(format #f "--port=~a" port)
|
|
|
|
|
#$@(if local-service?
|
|
|
|
|
'("--local-service")
|
|
|
|
|
'())
|
|
|
|
|
#$@(map (cut format #f "--listen-address=~a" <>)
|
|
|
|
|
listen-addresses)
|
|
|
|
|
#$(format #f "--resolv-file=~a" resolv-file)
|
|
|
|
|
#$@(if no-resolv?
|
|
|
|
|
'("--no-resolv")
|
|
|
|
|
'())
|
|
|
|
|
#$@(map (cut format #f "--server=~a" <>)
|
|
|
|
|
servers)
|
2020-04-10 12:00:47 -04:00
|
|
|
|
#$@(map (cut format #f "--address=~a" <>)
|
|
|
|
|
addresses)
|
2018-06-02 11:23:45 -04:00
|
|
|
|
#$(format #f "--cache-size=~a" cache-size)
|
2018-06-08 11:12:37 -04:00
|
|
|
|
#$@(if negative-cache?
|
|
|
|
|
'()
|
2020-09-27 15:06:30 -04:00
|
|
|
|
'("--no-negcache"))
|
|
|
|
|
#$@(if tftp-enable?
|
|
|
|
|
'("--enable-tftp")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-no-fail?
|
|
|
|
|
'("--tftp-no-fail")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-single-port?
|
|
|
|
|
'("--tftp-single-port")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-secure?
|
|
|
|
|
'("--tftp-secure?")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-max
|
|
|
|
|
(list (format #f "--tftp-max=~a" tftp-max))
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-mtu
|
|
|
|
|
(list (format #f "--tftp-mtu=~a" tftp-mtu))
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-no-blocksize?
|
|
|
|
|
'("--tftp-no-blocksize")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-lowercase?
|
|
|
|
|
'("--tftp-lowercase")
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-port-range
|
|
|
|
|
(list (format #f "--tftp-port-range=~a"
|
|
|
|
|
tftp-port-range))
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-root
|
|
|
|
|
(list (format #f "--tftp-root=~a" tftp-root))
|
|
|
|
|
'())
|
|
|
|
|
#$@(if tftp-unique-root
|
|
|
|
|
(list
|
|
|
|
|
(if (> (length tftp-unique-root) 0)
|
|
|
|
|
(format #f "--tftp-unique-root=~a" tftp-unique-root)
|
|
|
|
|
(format #f "--tftp-unique-root")))
|
|
|
|
|
'()))
|
2018-06-02 11:23:45 -04:00
|
|
|
|
#:pid-file "/run/dnsmasq.pid"))
|
|
|
|
|
(stop #~(make-kill-destructor))))))
|
|
|
|
|
|
2020-06-04 10:14:01 -04:00
|
|
|
|
(define (dnsmasq-activation config)
|
|
|
|
|
#~(begin
|
|
|
|
|
(use-modules (guix build utils))
|
|
|
|
|
;; create directory to store dnsmasq lease file
|
|
|
|
|
(mkdir-p "/var/lib/misc")))
|
|
|
|
|
|
2018-06-02 11:23:45 -04:00
|
|
|
|
(define dnsmasq-service-type
|
|
|
|
|
(service-type
|
|
|
|
|
(name 'dnsmasq)
|
|
|
|
|
(extensions
|
|
|
|
|
(list (service-extension shepherd-root-service-type
|
2020-06-04 10:14:01 -04:00
|
|
|
|
(compose list dnsmasq-shepherd-service))
|
|
|
|
|
(service-extension activation-service-type
|
|
|
|
|
dnsmasq-activation)))
|
2018-06-08 11:31:31 -04:00
|
|
|
|
(default-value (dnsmasq-configuration))
|
|
|
|
|
(description "Run the dnsmasq DNS server.")))
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
;;;
|
|
|
|
|
;;; ddclient
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
(define (uglify-field-name field-name)
|
|
|
|
|
(string-delete #\? (symbol->string field-name)))
|
|
|
|
|
|
|
|
|
|
(define (serialize-field field-name val)
|
2018-12-03 23:08:47 -05:00
|
|
|
|
(when (not (member field-name '(group secret-file user)))
|
|
|
|
|
(format #t "~a=~a\n" (uglify-field-name field-name) val)))
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
|
|
|
|
|
(define (serialize-boolean field-name val)
|
|
|
|
|
(serialize-field field-name (if val "yes" "no")))
|
|
|
|
|
|
|
|
|
|
(define (serialize-integer field-name val)
|
|
|
|
|
(serialize-field field-name (number->string val)))
|
|
|
|
|
|
|
|
|
|
(define (serialize-string field-name val)
|
|
|
|
|
(if (and (string? val) (string=? val ""))
|
|
|
|
|
""
|
|
|
|
|
(serialize-field field-name val)))
|
|
|
|
|
|
|
|
|
|
(define (serialize-list field-name val)
|
|
|
|
|
(if (null? val) "" (serialize-field field-name (string-join val))))
|
|
|
|
|
|
|
|
|
|
(define (serialize-extra-options extra-options)
|
|
|
|
|
(string-join extra-options "\n" 'suffix))
|
|
|
|
|
|
|
|
|
|
(define-configuration ddclient-configuration
|
|
|
|
|
(ddclient
|
|
|
|
|
(package ddclient)
|
|
|
|
|
"The ddclient package.")
|
|
|
|
|
(daemon
|
|
|
|
|
(integer 300)
|
|
|
|
|
"The period after which ddclient will retry to check IP and domain name.")
|
|
|
|
|
(syslog
|
|
|
|
|
(boolean #t)
|
|
|
|
|
"Use syslog for the output.")
|
|
|
|
|
(mail
|
|
|
|
|
(string "root")
|
|
|
|
|
"Mail to user.")
|
|
|
|
|
(mail-failure
|
|
|
|
|
(string "root")
|
|
|
|
|
"Mail failed update to user.")
|
|
|
|
|
(pid
|
|
|
|
|
(string "/var/run/ddclient/ddclient.pid")
|
|
|
|
|
"The ddclient PID file.")
|
|
|
|
|
(ssl
|
|
|
|
|
(boolean #t)
|
|
|
|
|
"Enable SSL support.")
|
|
|
|
|
(user
|
|
|
|
|
(string "ddclient")
|
|
|
|
|
"Specifies the user name or ID that is used when running ddclient
|
|
|
|
|
program.")
|
|
|
|
|
(group
|
|
|
|
|
(string "ddclient")
|
|
|
|
|
"Group of the user who will run the ddclient program.")
|
|
|
|
|
(secret-file
|
|
|
|
|
(string "/etc/ddclient/secrets.conf")
|
|
|
|
|
"Secret file which will be appended to @file{ddclient.conf} file. This
|
|
|
|
|
file contains credentials for use by ddclient. You are expected to create it
|
|
|
|
|
manually.")
|
|
|
|
|
(extra-options
|
|
|
|
|
(list '())
|
|
|
|
|
"Extra options will be appended to @file{ddclient.conf} file."))
|
|
|
|
|
|
|
|
|
|
(define (ddclient-account config)
|
|
|
|
|
"Return the user accounts and user groups for CONFIG."
|
|
|
|
|
(let ((ddclient-user (ddclient-configuration-user config))
|
|
|
|
|
(ddclient-group (ddclient-configuration-group config)))
|
|
|
|
|
(list (user-group
|
|
|
|
|
(name ddclient-group)
|
|
|
|
|
(system? #t))
|
|
|
|
|
(user-account
|
|
|
|
|
(name ddclient-user)
|
|
|
|
|
(system? #t)
|
|
|
|
|
(group ddclient-group)
|
|
|
|
|
(comment "ddclientd privilege separation user")
|
|
|
|
|
(home-directory (string-append "/var/run/" ddclient-user))))))
|
|
|
|
|
|
|
|
|
|
(define (ddclient-activation config)
|
|
|
|
|
"Return the activation GEXP for CONFIG."
|
|
|
|
|
(with-imported-modules '((guix build utils)
|
|
|
|
|
(ice-9 rdelim))
|
|
|
|
|
#~(begin
|
|
|
|
|
(use-modules (guix build utils)
|
|
|
|
|
(ice-9 rdelim))
|
|
|
|
|
(let ((ddclient-user
|
2018-10-28 18:47:32 -04:00
|
|
|
|
(passwd:uid (getpw #$(ddclient-configuration-user config))))
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
(ddclient-group
|
2018-10-28 18:47:32 -04:00
|
|
|
|
(passwd:gid (getpw #$(ddclient-configuration-group config))))
|
services: Add ddclient service.
* gnu/services/dns.scm (ddclient-configuration, ddclient-service-type): New
variables.
(uglify-field-name, serialize-field, serialize-boolean, serialize-integer,
serialize-string, serialize-list, serialize-extra-options,
ddclient-activation, ddclient-shepherd-service,
generate-ddclient-documentation): New procedures.
* doc/guix.texi (DNS Services): Document it.
2018-07-13 04:49:13 -04:00
|
|
|
|
(ddclient-secret-file
|
|
|
|
|
#$(ddclient-configuration-secret-file config)))
|
|
|
|
|
;; 'ddclient' complains about ddclient.conf file permissions, which
|
|
|
|
|
;; rules out /gnu/store. Thus we copy the ddclient.conf to /etc.
|
|
|
|
|
(for-each (lambda (dir)
|
|
|
|
|
(mkdir-p dir)
|
|
|
|
|
(chmod dir #o700)
|
|
|
|
|
(chown dir ddclient-user ddclient-group))
|
|
|
|
|
'("/var/cache/ddclient" "/var/run/ddclient"
|
|
|
|
|
"/etc/ddclient"))
|
|
|
|
|
(with-output-to-file "/etc/ddclient/ddclient.conf"
|
|
|
|
|
(lambda ()
|
|
|
|
|
(display
|
|
|
|
|
(string-append
|
|
|
|
|
"# Generated by 'ddclient-service'.\n\n"
|
|
|
|
|
#$(with-output-to-string
|
|
|
|
|
(lambda ()
|
|
|
|
|
(serialize-configuration config
|
|
|
|
|
ddclient-configuration-fields)))
|
|
|
|
|
(if (string-null? ddclient-secret-file)
|
|
|
|
|
""
|
|
|
|
|
(format #f "\n\n# Appended from '~a'.\n\n~a"
|
|
|
|
|
ddclient-secret-file
|
|
|
|
|
(with-input-from-file ddclient-secret-file
|
|
|
|
|
read-string)))))))
|
|
|
|
|
(chmod "/etc/ddclient/ddclient.conf" #o600)
|
|
|
|
|
(chown "/etc/ddclient/ddclient.conf"
|
|
|
|
|
ddclient-user ddclient-group)))))
|
|
|
|
|
|
|
|
|
|
(define (ddclient-shepherd-service config)
|
|
|
|
|
"Return a <shepherd-service> for ddclient with CONFIG."
|
|
|
|
|
(let ((ddclient (ddclient-configuration-ddclient config))
|
|
|
|
|
(ddclient-pid (ddclient-configuration-pid config))
|
|
|
|
|
(ddclient-user (ddclient-configuration-user config))
|
|
|
|
|
(ddclient-group (ddclient-configuration-group config)))
|
|
|
|
|
(list (shepherd-service
|
|
|
|
|
(provision '(ddclient))
|
|
|
|
|
(documentation "Run ddclient daemon.")
|
|
|
|
|
(start #~(make-forkexec-constructor
|
|
|
|
|
(list #$(file-append ddclient "/bin/ddclient")
|
|
|
|
|
"-foreground"
|
|
|
|
|
"-file" "/etc/ddclient/ddclient.conf")
|
|
|
|
|
#:pid-file #$ddclient-pid
|
|
|
|
|
#:environment-variables
|
|
|
|
|
(list "SSL_CERT_DIR=/run/current-system/profile\
|
|
|
|
|
/etc/ssl/certs"
|
|
|
|
|
"SSL_CERT_FILE=/run/current-system/profile\
|
|
|
|
|
/etc/ssl/certs/ca-certificates.crt")
|
|
|
|
|
#:user #$ddclient-user
|
|
|
|
|
#:group #$ddclient-group))
|
|
|
|
|
(stop #~(make-kill-destructor))))))
|
|
|
|
|
|
|
|
|
|
(define ddclient-service-type
|
|
|
|
|
(service-type
|
|
|
|
|
(name 'ddclient)
|
|
|
|
|
(extensions
|
|
|
|
|
(list (service-extension account-service-type
|
|
|
|
|
ddclient-account)
|
|
|
|
|
(service-extension shepherd-root-service-type
|
|
|
|
|
ddclient-shepherd-service)
|
|
|
|
|
(service-extension activation-service-type
|
|
|
|
|
ddclient-activation)))
|
|
|
|
|
(default-value (ddclient-configuration))
|
|
|
|
|
(description "Configure address updating utility for dynamic DNS services,
|
|
|
|
|
ddclient.")))
|
|
|
|
|
|
|
|
|
|
(define (generate-ddclient-documentation)
|
|
|
|
|
(generate-documentation
|
|
|
|
|
`((ddclient-configuration ,ddclient-configuration-fields))
|
|
|
|
|
'ddclient-configuration))
|