aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien Lepiller <julien@lepiller.eu>2019-04-19 22:20:03 +0200
committerJulien Lepiller <julien@lepiller.eu>2019-04-25 21:44:55 +0200
commit92eb600f8a94afa36142f8f145efaa485b632433 (patch)
tree1745a9f7607012f703119b493017f5958e1280a6
parentca3cf2d58ec3aef566fd0cf9d467df501cab9802 (diff)
downloadguix-92eb600f8a94afa36142f8f145efaa485b632433.tar
guix-92eb600f8a94afa36142f8f145efaa485b632433.tar.gz
gnu: knot-service: Add includes field in configuration.
* gnu/services/dns.scm (knot-configuration): Add includes field. (verify-knot-configuration): Check includes content. (knot-config-file): Serialize includes. * doc/guix.texi (DNS Services): Document it.
-rw-r--r--doc/guix.texi13
-rw-r--r--gnu/services/dns.scm8
2 files changed, 21 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index dbbb811a60..2d5ec867ea 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19843,6 +19843,19 @@ The Knot package.
@item @code{run-directory} (default: @code{"/var/run/knot"})
The run directory. This directory will be used for pid file and sockets.
+@item @code{includes} (default: @code{'()})
+A list of strings or file-like objects denoting other files that must be
+included at the top of the configuration file.
+
+@cindex secrets, Knot service
+This can be used to manage secrets out-of-band. For example, secret
+keys may be stored in an out-of-band file not managed by Guix, and
+thus not visible in @file{/gnu/store}---e.g., you could store secret
+key configuration in @file{/etc/knot/secrets.conf} and add this file
+to the @code{includes} list.
+
+It can also be used to add configuration not supported by this interface.
+
@item @code{listen-v4} (default: @code{"0.0.0.0"})
An ip address on which to listen.
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 1ef754b360..445e03570a 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -207,6 +207,8 @@
(default knot))
(run-directory knot-configuration-run-directory
(default "/var/run/knot"))
+ (includes knot-configuration-includes
+ (default '()))
(listen-v4 knot-configuration-listen-v4
(default "0.0.0.0"))
(listen-v6 knot-configuration-listen-v6
@@ -296,6 +298,8 @@
(error-out "knot configuration field must be a package."))
(unless (string? (knot-configuration-run-directory config))
(error-out "run-directory must be a string."))
+ (unless (list? (knot-configuration-includes config))
+ (error-out "includes must be a list of strings or file-like objects."))
(unless (list? (knot-configuration-keys config))
(error-out "keys must be a list of knot-key-configuration."))
(for-each (lambda (key) (verify-knot-key-configuration key))
@@ -529,6 +533,10 @@
#~(begin
(call-with-output-file #$output
(lambda (port)
+ (if (knot-configuration-includes config)
+ (for-each (lambda (inc)
+ (format port "include: ~a\n" inc))
+ (knot-configuration-includes config)))
(format port "server:\n")
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
(format port " user: knot\n")