Loading nixos/doc/manual/release-notes/rl-2505.section.md +7 −0 Original line number Diff line number Diff line Loading @@ -273,6 +273,13 @@ Alongside many enhancements to NixOS modules and general system improvements, th [not recommended by upstream](https://docs.nextcloud.com/server/30/admin_manual/installation/system_requirements.html) and thus doesn't qualify as default. - PowerDNS Recursor has been updated to version 5.1.2, which comes with a new YAML configuration format (`recursor.yml`) and deprecates the previous format (`recursor.conf`). Accordingly, the NixOS option `services.pdns-recursor.settings` has been renamed to [old-settings](#opt-services.pdns-recursor.old-settings) and will be provided for backward compatibility until the next NixOS release. Users are asked to migrate their settings to the new [yaml-settings](#opt-services.pdns-recursor.old-settings) option following this [guide](https://doc.powerdns.com/recursor/appendices/yamlconversion.html). Note that options other than `services.pdns-recursor.settings` are unaffacted by this change. - Nextcloud's default FPM pool settings have been increased according to upstream recommentations. It's advised to review the new defaults and description of [](#opt-services.nextcloud.poolSettings). Loading nixos/modules/services/networking/pdns-recursor.nix +102 −33 Original line number Diff line number Diff line Loading @@ -38,12 +38,34 @@ let else ""; configDir = pkgs.writeTextDir "recursor.conf" ( concatStringsSep "\n" (flip mapAttrsToList cfg.settings (name: val: "${name}=${serialize val}")) ); settingsFormat = pkgs.formats.yaml { }; mkDefaultAttrs = mapAttrs (n: v: mkDefault v); mkForwardZone = mapAttrsToList ( zone: uri: { inherit zone; forwarders = [ uri ]; } ); configFile = if cfg.old-settings != { } then # Convert recursor.conf to recursor.yml and merge it let conf = pkgs.writeText "recursor.conf" ( concatStringsSep "\n" (mapAttrsToList (name: val: "${name}=${serialize val}") cfg.old-settings) ); yaml = settingsFormat.generate "recursor.yml" cfg.yaml-settings; in pkgs.runCommand "recursor-merged.yml" { } '' ${pkgs.pdns-recursor}/bin/rec_control show-yaml --config ${conf} > override.yml ${pkgs.yq-go}/bin/yq '. *= load("override.yml")' ${yaml} > $out '' else settingsFormat.generate "recursor.yml" cfg.yaml-settings; in { options.services.pdns-recursor = { Loading Loading @@ -175,7 +197,7 @@ in ''; }; settings = mkOption { old-settings = mkOption { type = configType; default = { }; example = literalExpression '' Loading @@ -184,11 +206,34 @@ in log-common-errors = true; } ''; description = '' Older PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at <https://doc.powerdns.com/recursor/settings.html> for the available options. ::: {.warning} This option is provided for backward compatibility only and will be removed in the next release of NixOS. ::: ''; }; yaml-settings = mkOption { type = settingsFormat.type; default = { }; example = literalExpression '' { loglevel = 8; log-common-errors = true; } ''; description = '' PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at <https://doc.powerdns.com/recursor/settings.html> <https://doc.powerdns.com/recursor/yamlsettings.html> for the available options. ''; }; Loading @@ -205,43 +250,45 @@ in config = mkIf cfg.enable { environment.etc."pdns-recursor".source = configDir; services.pdns-recursor.settings = mkDefaultAttrs { local-address = cfg.dns.address; local-port = cfg.dns.port; allow-from = cfg.dns.allowFrom; environment.etc."/pdns-recursor/recursor.yml".source = configFile; webserver-address = cfg.api.address; webserver-port = cfg.api.port; webserver-allow-from = cfg.api.allowFrom; services.pdns-recursor.yaml-settings = { incoming = mkDefaultAttrs { listen = cfg.dns.address; port = cfg.dns.port; allow_from = cfg.dns.allowFrom; }; forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones; forward-zones-recurse = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZonesRecurse; export-etc-hosts = cfg.exportHosts; dnssec = cfg.dnssecValidation; serve-rfc1918 = cfg.serveRFC1918; lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig; webservice = mkDefaultAttrs { address = cfg.api.address; port = cfg.api.port; allow_from = cfg.api.allowFrom; }; recursor = mkDefaultAttrs { forward_zones = mkForwardZone cfg.forwardZones; forward_zones_recurse = mkForwardZone cfg.forwardZonesRecurse; export_etc_hosts = cfg.exportHosts; serve_rfc1918 = cfg.serveRFC1918; lua_config_file = pkgs.writeText "recursor.lua" cfg.luaConfig; daemon = false; write-pid = false; log-timestamp = false; disable-syslog = true; write_pid = false; }; systemd.packages = [ pkgs.pdns-recursor ]; systemd.services.pdns-recursor = { wantedBy = [ "multi-user.target" ]; dnssec = mkDefaultAttrs { validation = cfg.dnssecValidation; }; serviceConfig = { ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ]; logging = mkDefaultAttrs { timestamp = false; disable_syslog = true; }; }; systemd.packages = [ pkgs.pdns-recursor ]; systemd.services.pdns-recursor.wantedBy = [ "multi-user.target" ]; users.users.pdns-recursor = { isSystemUser = true; group = "pdns-recursor"; Loading @@ -250,6 +297,15 @@ in users.groups.pdns-recursor = { }; warnings = lib.optional (cfg.old-settings != { }) '' pdns-recursor has changed its configuration file format from pdns-recursor.conf (mapped to `services.pdns-recursor.old-settings`) to the newer pdns-recursor.yml (mapped to `services.pdns-recursor.yaml-settings`). Support for the older format will be removed in a future version, so please migrate your settings over. See <https://doc.powerdns.com/recursor/yamlsettings.html>. ''; }; imports = [ Loading @@ -258,6 +314,19 @@ in "pdns-recursor" "extraConfig" ] "To change extra Recursor settings use services.pdns-recursor.settings instead.") (mkRenamedOptionModule [ "services" "pdns-recursor" "settings" ] [ "services" "pdns-recursor" "old-settings" ] ) ]; meta.maintainers = with lib.maintainers; [ rnhmjoj ]; Loading nixos/tests/all-tests.nix +1 −1 Original line number Diff line number Diff line Loading @@ -1019,7 +1019,7 @@ in paperless = handleTest ./paperless.nix { }; parsedmarc = handleTest ./parsedmarc { }; password-option-override-ordering = handleTest ./password-option-override-ordering.nix { }; pdns-recursor = handleTest ./pdns-recursor.nix { }; pdns-recursor = runTest ./pdns-recursor.nix; pds = handleTest ./pds.nix { }; peerflix = handleTest ./peerflix.nix { }; peering-manager = handleTest ./web-apps/peering-manager.nix { }; Loading nixos/tests/pdns-recursor.nix +20 −15 Original line number Diff line number Diff line import ./make-test-python.nix ( { pkgs, ... }: { lib, pkgs, ... }: { name = "powerdns-recursor"; meta.maintainers = with lib.maintainers; [ rnhmjoj ]; nodes.server = { ... }: { nodes.server = { services.pdns-recursor.enable = true; services.pdns-recursor.exportHosts = true; services.pdns-recursor.old-settings.dnssec-log-bogus = true; networking.hosts."192.0.2.1" = [ "example.com" ]; }; testScript = '' with subtest("pdns-recursor is running"): server.wait_for_unit("pdns-recursor") server.wait_for_open_port(53) with subtest("can resolve names"): assert "192.0.2.1" in server.succeed("host example.com localhost") with subtest("old-settings have been merged in"): server.succeed("${lib.getExe pkgs.yq-go} -e .dnssec.log_bogus /etc/pdns-recursor/recursor.yml") ''; } ) Loading
nixos/doc/manual/release-notes/rl-2505.section.md +7 −0 Original line number Diff line number Diff line Loading @@ -273,6 +273,13 @@ Alongside many enhancements to NixOS modules and general system improvements, th [not recommended by upstream](https://docs.nextcloud.com/server/30/admin_manual/installation/system_requirements.html) and thus doesn't qualify as default. - PowerDNS Recursor has been updated to version 5.1.2, which comes with a new YAML configuration format (`recursor.yml`) and deprecates the previous format (`recursor.conf`). Accordingly, the NixOS option `services.pdns-recursor.settings` has been renamed to [old-settings](#opt-services.pdns-recursor.old-settings) and will be provided for backward compatibility until the next NixOS release. Users are asked to migrate their settings to the new [yaml-settings](#opt-services.pdns-recursor.old-settings) option following this [guide](https://doc.powerdns.com/recursor/appendices/yamlconversion.html). Note that options other than `services.pdns-recursor.settings` are unaffacted by this change. - Nextcloud's default FPM pool settings have been increased according to upstream recommentations. It's advised to review the new defaults and description of [](#opt-services.nextcloud.poolSettings). Loading
nixos/modules/services/networking/pdns-recursor.nix +102 −33 Original line number Diff line number Diff line Loading @@ -38,12 +38,34 @@ let else ""; configDir = pkgs.writeTextDir "recursor.conf" ( concatStringsSep "\n" (flip mapAttrsToList cfg.settings (name: val: "${name}=${serialize val}")) ); settingsFormat = pkgs.formats.yaml { }; mkDefaultAttrs = mapAttrs (n: v: mkDefault v); mkForwardZone = mapAttrsToList ( zone: uri: { inherit zone; forwarders = [ uri ]; } ); configFile = if cfg.old-settings != { } then # Convert recursor.conf to recursor.yml and merge it let conf = pkgs.writeText "recursor.conf" ( concatStringsSep "\n" (mapAttrsToList (name: val: "${name}=${serialize val}") cfg.old-settings) ); yaml = settingsFormat.generate "recursor.yml" cfg.yaml-settings; in pkgs.runCommand "recursor-merged.yml" { } '' ${pkgs.pdns-recursor}/bin/rec_control show-yaml --config ${conf} > override.yml ${pkgs.yq-go}/bin/yq '. *= load("override.yml")' ${yaml} > $out '' else settingsFormat.generate "recursor.yml" cfg.yaml-settings; in { options.services.pdns-recursor = { Loading Loading @@ -175,7 +197,7 @@ in ''; }; settings = mkOption { old-settings = mkOption { type = configType; default = { }; example = literalExpression '' Loading @@ -184,11 +206,34 @@ in log-common-errors = true; } ''; description = '' Older PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at <https://doc.powerdns.com/recursor/settings.html> for the available options. ::: {.warning} This option is provided for backward compatibility only and will be removed in the next release of NixOS. ::: ''; }; yaml-settings = mkOption { type = settingsFormat.type; default = { }; example = literalExpression '' { loglevel = 8; log-common-errors = true; } ''; description = '' PowerDNS Recursor settings. Use this option to configure Recursor settings not exposed in a NixOS option or to bypass one. See the full documentation at <https://doc.powerdns.com/recursor/settings.html> <https://doc.powerdns.com/recursor/yamlsettings.html> for the available options. ''; }; Loading @@ -205,43 +250,45 @@ in config = mkIf cfg.enable { environment.etc."pdns-recursor".source = configDir; services.pdns-recursor.settings = mkDefaultAttrs { local-address = cfg.dns.address; local-port = cfg.dns.port; allow-from = cfg.dns.allowFrom; environment.etc."/pdns-recursor/recursor.yml".source = configFile; webserver-address = cfg.api.address; webserver-port = cfg.api.port; webserver-allow-from = cfg.api.allowFrom; services.pdns-recursor.yaml-settings = { incoming = mkDefaultAttrs { listen = cfg.dns.address; port = cfg.dns.port; allow_from = cfg.dns.allowFrom; }; forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones; forward-zones-recurse = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZonesRecurse; export-etc-hosts = cfg.exportHosts; dnssec = cfg.dnssecValidation; serve-rfc1918 = cfg.serveRFC1918; lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig; webservice = mkDefaultAttrs { address = cfg.api.address; port = cfg.api.port; allow_from = cfg.api.allowFrom; }; recursor = mkDefaultAttrs { forward_zones = mkForwardZone cfg.forwardZones; forward_zones_recurse = mkForwardZone cfg.forwardZonesRecurse; export_etc_hosts = cfg.exportHosts; serve_rfc1918 = cfg.serveRFC1918; lua_config_file = pkgs.writeText "recursor.lua" cfg.luaConfig; daemon = false; write-pid = false; log-timestamp = false; disable-syslog = true; write_pid = false; }; systemd.packages = [ pkgs.pdns-recursor ]; systemd.services.pdns-recursor = { wantedBy = [ "multi-user.target" ]; dnssec = mkDefaultAttrs { validation = cfg.dnssecValidation; }; serviceConfig = { ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}" ]; logging = mkDefaultAttrs { timestamp = false; disable_syslog = true; }; }; systemd.packages = [ pkgs.pdns-recursor ]; systemd.services.pdns-recursor.wantedBy = [ "multi-user.target" ]; users.users.pdns-recursor = { isSystemUser = true; group = "pdns-recursor"; Loading @@ -250,6 +297,15 @@ in users.groups.pdns-recursor = { }; warnings = lib.optional (cfg.old-settings != { }) '' pdns-recursor has changed its configuration file format from pdns-recursor.conf (mapped to `services.pdns-recursor.old-settings`) to the newer pdns-recursor.yml (mapped to `services.pdns-recursor.yaml-settings`). Support for the older format will be removed in a future version, so please migrate your settings over. See <https://doc.powerdns.com/recursor/yamlsettings.html>. ''; }; imports = [ Loading @@ -258,6 +314,19 @@ in "pdns-recursor" "extraConfig" ] "To change extra Recursor settings use services.pdns-recursor.settings instead.") (mkRenamedOptionModule [ "services" "pdns-recursor" "settings" ] [ "services" "pdns-recursor" "old-settings" ] ) ]; meta.maintainers = with lib.maintainers; [ rnhmjoj ]; Loading
nixos/tests/all-tests.nix +1 −1 Original line number Diff line number Diff line Loading @@ -1019,7 +1019,7 @@ in paperless = handleTest ./paperless.nix { }; parsedmarc = handleTest ./parsedmarc { }; password-option-override-ordering = handleTest ./password-option-override-ordering.nix { }; pdns-recursor = handleTest ./pdns-recursor.nix { }; pdns-recursor = runTest ./pdns-recursor.nix; pds = handleTest ./pds.nix { }; peerflix = handleTest ./peerflix.nix { }; peering-manager = handleTest ./web-apps/peering-manager.nix { }; Loading
nixos/tests/pdns-recursor.nix +20 −15 Original line number Diff line number Diff line import ./make-test-python.nix ( { pkgs, ... }: { lib, pkgs, ... }: { name = "powerdns-recursor"; meta.maintainers = with lib.maintainers; [ rnhmjoj ]; nodes.server = { ... }: { nodes.server = { services.pdns-recursor.enable = true; services.pdns-recursor.exportHosts = true; services.pdns-recursor.old-settings.dnssec-log-bogus = true; networking.hosts."192.0.2.1" = [ "example.com" ]; }; testScript = '' with subtest("pdns-recursor is running"): server.wait_for_unit("pdns-recursor") server.wait_for_open_port(53) with subtest("can resolve names"): assert "192.0.2.1" in server.succeed("host example.com localhost") with subtest("old-settings have been merged in"): server.succeed("${lib.getExe pkgs.yq-go} -e .dnssec.log_bogus /etc/pdns-recursor/recursor.yml") ''; } )
