gnu: knot-service: Add includes field in configuration.

* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
This commit is contained in:
Julien Lepiller 2019-04-19 22:20:03 +02:00
parent ca3cf2d58e
commit 92eb600f8a
No known key found for this signature in database
GPG key ID: 43111F4520086A0C
2 changed files with 21 additions and 0 deletions

View file

@ -19843,6 +19843,19 @@ The Knot package.
@item @code{run-directory} (default: @code{"/var/run/knot"}) @item @code{run-directory} (default: @code{"/var/run/knot"})
The run directory. This directory will be used for pid file and sockets. The run directory. This directory will be used for pid file and sockets.
@item @code{includes} (default: @code{'()})
A list of strings or file-like objects denoting other files that must be
included at the top of the configuration file.
@cindex secrets, Knot service
This can be used to manage secrets out-of-band. For example, secret
keys may be stored in an out-of-band file not managed by Guix, and
thus not visible in @file{/gnu/store}---e.g., you could store secret
key configuration in @file{/etc/knot/secrets.conf} and add this file
to the @code{includes} list.
It can also be used to add configuration not supported by this interface.
@item @code{listen-v4} (default: @code{"0.0.0.0"}) @item @code{listen-v4} (default: @code{"0.0.0.0"})
An ip address on which to listen. An ip address on which to listen.

View file

@ -207,6 +207,8 @@ (define-record-type* <knot-configuration>
(default knot)) (default knot))
(run-directory knot-configuration-run-directory (run-directory knot-configuration-run-directory
(default "/var/run/knot")) (default "/var/run/knot"))
(includes knot-configuration-includes
(default '()))
(listen-v4 knot-configuration-listen-v4 (listen-v4 knot-configuration-listen-v4
(default "0.0.0.0")) (default "0.0.0.0"))
(listen-v6 knot-configuration-listen-v6 (listen-v6 knot-configuration-listen-v6
@ -296,6 +298,8 @@ (define (verify-knot-configuration config)
(error-out "knot configuration field must be a package.")) (error-out "knot configuration field must be a package."))
(unless (string? (knot-configuration-run-directory config)) (unless (string? (knot-configuration-run-directory config))
(error-out "run-directory must be a string.")) (error-out "run-directory must be a string."))
(unless (list? (knot-configuration-includes config))
(error-out "includes must be a list of strings or file-like objects."))
(unless (list? (knot-configuration-keys config)) (unless (list? (knot-configuration-keys config))
(error-out "keys must be a list of knot-key-configuration.")) (error-out "keys must be a list of knot-key-configuration."))
(for-each (lambda (key) (verify-knot-key-configuration key)) (for-each (lambda (key) (verify-knot-key-configuration key))
@ -529,6 +533,10 @@ (define (knot-config-file config)
#~(begin #~(begin
(call-with-output-file #$output (call-with-output-file #$output
(lambda (port) (lambda (port)
(if (knot-configuration-includes config)
(for-each (lambda (inc)
(format port "include: ~a\n" inc))
(knot-configuration-includes config)))
(format port "server:\n") (format port "server:\n")
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config)) (format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
(format port " user: knot\n") (format port " user: knot\n")