movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-09 19:13:26 +03:00
Code Issues Projects Releases Packages Wiki Activity

nixos/pdns-recursor: deprecate settings, add yaml-settings (#406534)

Browse source
This commit is contained in:
Michele Guerini Rocco 2025-05-19 10:30:07 +02:00 committed by GitHub
commit eebd349fdd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 130 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nixos/doc/manual/release-notes/rl-2505.section.md
View file

@ -273,6 +273,13 @@ Alongside many enhancements to NixOS modules and general system improvements, th
[not recommended by upstream](https://docs.nextcloud.com/server/30/admin_manual/installation/system_requirements.html)
and thus doesn't qualify as default.
- PowerDNS Recursor has been updated to version 5.1.2, which comes with a new YAML configuration format (`recursor.yml`)
and deprecates the previous format (`recursor.conf`). Accordingly, the NixOS option `services.pdns-recursor.settings`
has been renamed to [old-settings](#opt-services.pdns-recursor.old-settings) and will be provided for backward compatibility
until the next NixOS release. Users are asked to migrate their settings to the new [yaml-settings](#opt-services.pdns-recursor.old-settings)
option following this [guide](https://doc.powerdns.com/recursor/appendices/yamlconversion.html).
Note that options other than `services.pdns-recursor.settings` are unaffacted by this change.
- Nextcloud's default FPM pool settings have been increased according to upstream recommentations. It's advised
to review the new defaults and description of
[](#opt-services.nextcloud.poolSettings).

135
nixos/modules/services/networking/pdns-recursor.nix
View file

@ -38,12 +38,34 @@ let
else
"";
configDir = pkgs.writeTextDir "recursor.conf" (
concatStringsSep "\n" (flip mapAttrsToList cfg.settings (name: val: "${name}=${serialize val}"))
);
settingsFormat = pkgs.formats.yaml { };
mkDefaultAttrs = mapAttrs (n: v: mkDefault v);
mkForwardZone = mapAttrsToList (
zone: uri: {
inherit zone;
forwarders = [ uri ];
}
);
configFile =
if cfg.old-settings != { } then
# Convert recursor.conf to recursor.yml and merge it
let
conf = pkgs.writeText "recursor.conf" (
concatStringsSep "\n" (mapAttrsToList (name: val: "${name}=${serialize val}") cfg.old-settings)
);
yaml = settingsFormat.generate "recursor.yml" cfg.yaml-settings;
in
pkgs.runCommand "recursor-merged.yml" { } ''
${pkgs.pdns-recursor}/bin/rec_control show-yaml --config ${conf} > override.yml
${pkgs.yq-go}/bin/yq '. *= load("override.yml")' ${yaml} > $out
''
else
settingsFormat.generate "recursor.yml" cfg.yaml-settings;
in
{
options.services.pdns-recursor = {
@ -175,7 +197,7 @@ in
'';
};
settings = mkOption {
old-settings = mkOption {
type = configType;
default = { };
example = literalExpression ''
@ -184,11 +206,34 @@ in
log-common-errors = true;
}
'';
description = ''
Older PowerDNS Recursor settings. Use this option to configure
Recursor settings not exposed in a NixOS option or to bypass one.
See the full documentation at
<https://doc.powerdns.com/recursor/settings.html>
for the available options.
::: {.warning}
This option is provided for backward compatibility only
and will be removed in the next release of NixOS.
:::
'';
};
yaml-settings = mkOption {
type = settingsFormat.type;
default = { };
example = literalExpression ''
{
loglevel = 8;
log-common-errors = true;
}
'';
description = ''
PowerDNS Recursor settings. Use this option to configure Recursor
settings not exposed in a NixOS option or to bypass one.
See the full documentation at
<https://doc.powerdns.com/recursor/settings.html>
<https://doc.powerdns.com/recursor/yamlsettings.html>
for the available options.
'';
};
@ -205,42 +250,44 @@ in
config = mkIf cfg.enable {
environment.etc."pdns-recursor".source = configDir;
environment.etc."/pdns-recursor/recursor.yml".source = configFile;
services.pdns-recursor.settings = mkDefaultAttrs {
local-address = cfg.dns.address;
local-port = cfg.dns.port;
allow-from = cfg.dns.allowFrom;
services.pdns-recursor.yaml-settings = {
incoming = mkDefaultAttrs {
listen = cfg.dns.address;
port = cfg.dns.port;
allow_from = cfg.dns.allowFrom;
};
webserver-address = cfg.api.address;
webserver-port = cfg.api.port;
webserver-allow-from = cfg.api.allowFrom;
webservice = mkDefaultAttrs {
address = cfg.api.address;
port = cfg.api.port;
allow_from = cfg.api.allowFrom;
};
forward-zones = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZones;
forward-zones-recurse = mapAttrsToList (zone: uri: "${zone}.=${uri}") cfg.forwardZonesRecurse;
export-etc-hosts = cfg.exportHosts;
dnssec = cfg.dnssecValidation;
serve-rfc1918 = cfg.serveRFC1918;
lua-config-file = pkgs.writeText "recursor.lua" cfg.luaConfig;
recursor = mkDefaultAttrs {
forward_zones = mkForwardZone cfg.forwardZones;
forward_zones_recurse = mkForwardZone cfg.forwardZonesRecurse;
export_etc_hosts = cfg.exportHosts;
serve_rfc1918 = cfg.serveRFC1918;
lua_config_file = pkgs.writeText "recursor.lua" cfg.luaConfig;
daemon = false;
write_pid = false;
};
daemon = false;
write-pid = false;
log-timestamp = false;
disable-syslog = true;
dnssec = mkDefaultAttrs {
validation = cfg.dnssecValidation;
};
logging = mkDefaultAttrs {
timestamp = false;
disable_syslog = true;
};
};
systemd.packages = [ pkgs.pdns-recursor ];
systemd.services.pdns-recursor = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = [
""
"${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=${configDir}"
];
};
};
systemd.services.pdns-recursor.wantedBy = [ "multi-user.target" ];
users.users.pdns-recursor = {
isSystemUser = true;
@ -250,6 +297,15 @@ in
users.groups.pdns-recursor = { };
warnings = lib.optional (cfg.old-settings != { }) ''
pdns-recursor has changed its configuration file format from pdns-recursor.conf
(mapped to `services.pdns-recursor.old-settings`) to the newer pdns-recursor.yml
(mapped to `services.pdns-recursor.yaml-settings`).
Support for the older format will be removed in a future version, so please migrate
your settings over. See <https://doc.powerdns.com/recursor/yamlsettings.html>.
'';
};
imports = [
@ -258,6 +314,19 @@ in
"pdns-recursor"
"extraConfig"
] "To change extra Recursor settings use services.pdns-recursor.settings instead.")
(mkRenamedOptionModule
[
"services"
"pdns-recursor"
"settings"
]
[
"services"
"pdns-recursor"
"old-settings"
]
)
];
meta.maintainers = with lib.maintainers; [ rnhmjoj ];

2
nixos/tests/all-tests.nix
View file

@ -1019,7 +1019,7 @@ in
paperless = handleTest ./paperless.nix { };
parsedmarc = handleTest ./parsedmarc { };
password-option-override-ordering = handleTest ./password-option-override-ordering.nix { };
pdns-recursor = handleTest ./pdns-recursor.nix { };
pdns-recursor = runTest ./pdns-recursor.nix;
pds = handleTest ./pds.nix { };
peerflix = handleTest ./peerflix.nix { };
peering-manager = handleTest ./web-apps/peering-manager.nix { };

35
nixos/tests/pdns-recursor.nix
View file

@ -1,20 +1,25 @@
import ./make-test-python.nix (
{ pkgs, ... }:
{
name = "powerdns-recursor";
{ lib, pkgs, ... }:
nodes.server =
{ ... }:
{
services.pdns-recursor.enable = true;
services.pdns-recursor.exportHosts = true;
networking.hosts."192.0.2.1" = [ "example.com" ];
};
{
name = "powerdns-recursor";
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
testScript = ''
nodes.server = {
services.pdns-recursor.enable = true;
services.pdns-recursor.exportHosts = true;
services.pdns-recursor.old-settings.dnssec-log-bogus = true;
networking.hosts."192.0.2.1" = [ "example.com" ];
};
testScript = ''
with subtest("pdns-recursor is running"):
server.wait_for_unit("pdns-recursor")
server.wait_for_open_port(53)
with subtest("can resolve names"):
assert "192.0.2.1" in server.succeed("host example.com localhost")
'';
}
)
with subtest("old-settings have been merged in"):
server.succeed("${lib.getExe pkgs.yq-go} -e .dnssec.log_bogus /etc/pdns-recursor/recursor.yml")
'';
}