nixos/bind: fix check of config file (260d78cb) · Commits · nix / nixpkgs

nixos/modules/services/networking/bind.nix

+23 −12

Original line number	Diff line number	Diff line
		@@ -76,25 +76,26 @@ let
		text = ''
		key "rndc-key" {
		algorithm ${bindRndcMacType};
		secret "0123456789abcdefghijklmnopqrstuvw=";
		secret "Ini0XSebb9LrYz7zprobBLZ2iwBEK5S9vh9zj/DozR8=";
		};
		'';
		};

		testFakeDir = "/tmp/test-fake-directory-for-named-checkconf";

		confFile = pkgs.writeTextFile {
		name = "named.conf";
		checkPhase = ''
		runHook preCheck
		${lib.optionalString cfg.checkConfig ''
		echo "Checking named configuration file...";
		${lib.getExe' bindPkg "named-checkconf"} -z $target -t ${cfg.directory}
		runHook postCheck
		'';
		derivationArgs = {
		doCheck = true;
		postCheck = ''
		substituteInPlace $target --replace-fail ${testRndcKey} ${bindRndcKeyFile}
		mkdir -p ${testFakeDir}
		${lib.getExe' bindPkg "named-checkconf"} -z $target
		''}

		substituteInPlace $target \
		--replace-fail ${testRndcKey} ${bindRndcKeyFile} \
		--replace-fail ${testFakeDir} ${cfg.directory}
		'';
		};

		# The include path in the first line will be replaced in the postCheck hook.
		text = ''
		@@ -117,7 +118,7 @@ let
		blackhole { badnetworks; };
		forward ${cfg.forward};
		forwarders { ${lib.concatMapStrings (entry: " ${entry}; ") cfg.forwarders} };
		directory "${cfg.directory}";
		directory "${testFakeDir}";
		pid-file "/run/named/named.pid";
		${cfg.extraOptions}
		};
		@@ -323,6 +324,16 @@ in
		'';
		};

		checkConfig = lib.mkOption {
		type = lib.types.bool;
		default = true;
		description = ''
		Check configuration.

		The configuration will not be checked if you override the config file
		with `configFile`.
		'';
		};
		};

		};