* [bug#35329] [PATCH] gnu: knot-service: Add includes field in configuration.
@ 2019-04-19 21:22 Julien Lepiller
2019-04-24 12:34 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Julien Lepiller @ 2019-04-19 21:22 UTC (permalink / raw)
To: 35329
* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
---
doc/guix.texi | 7 +++++++
gnu/services/dns.scm | 8 ++++++++
2 files changed, 15 insertions(+)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8c7522f286..d61fd1c7a9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19814,6 +19814,13 @@ The Knot package.
@item @code{run-directory} (default: @code{"/var/run/knot"})
The run directory. This directory will be used for pid file and sockets.
+@item @code{includes} (default: @code{'()})
+A list of strings or file-like objects denoting other files that must be
+included at the top of the configuration file. This is especially useful
+for including key configuration from outside the store, since keys should
+not be readable by every user. It can also be used to add configuration
+not supported by this interface.
+
@item @code{listen-v4} (default: @code{"0.0.0.0"})
An ip address on which to listen.
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 1ef754b360..445e03570a 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -207,6 +207,8 @@
(default knot))
(run-directory knot-configuration-run-directory
(default "/var/run/knot"))
+ (includes knot-configuration-includes
+ (default '()))
(listen-v4 knot-configuration-listen-v4
(default "0.0.0.0"))
(listen-v6 knot-configuration-listen-v6
@@ -296,6 +298,8 @@
(error-out "knot configuration field must be a package."))
(unless (string? (knot-configuration-run-directory config))
(error-out "run-directory must be a string."))
+ (unless (list? (knot-configuration-includes config))
+ (error-out "includes must be a list of strings or file-like objects."))
(unless (list? (knot-configuration-keys config))
(error-out "keys must be a list of knot-key-configuration."))
(for-each (lambda (key) (verify-knot-key-configuration key))
@@ -529,6 +533,10 @@
#~(begin
(call-with-output-file #$output
(lambda (port)
+ (if (knot-configuration-includes config)
+ (for-each (lambda (inc)
+ (format port "include: ~a\n" inc))
+ (knot-configuration-includes config)))
(format port "server:\n")
(format port " rundir: ~a\n" #$(knot-configuration-run-directory config))
(format port " user: knot\n")
--
2.21.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [bug#35329] [PATCH] gnu: knot-service: Add includes field in configuration.
2019-04-19 21:22 [bug#35329] [PATCH] gnu: knot-service: Add includes field in configuration Julien Lepiller
@ 2019-04-24 12:34 ` Ludovic Courtès
2019-04-25 19:46 ` bug#35329: " Julien Lepiller
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2019-04-24 12:34 UTC (permalink / raw)
To: Julien Lepiller; +Cc: 35329
Julien Lepiller <julien@lepiller.eu> skribis:
> * gnu/services/dns.scm (knot-configuration): Add includes field.
> (verify-knot-configuration): Check includes content.
> (knot-config-file): Serialize includes.
> * doc/guix.texi (DNS Services): Document it.
[...]
> +@item @code{includes} (default: @code{'()})
> +A list of strings or file-like objects denoting other files that must be
> +included at the top of the configuration file. This is especially useful
^
I’d make a new paragraph here.
> +for including key configuration from outside the store, since keys should
> +not be readable by every user. It can also be used to add configuration
> +not supported by this interface.
What about:
@cindex secrets, Knot service
This can be used to manage secrets out-of-band. For example, secret
keys may be stored in an out-of-band file not managed by Guix, and
thus not visible in @file{/gnu/store}---e.g., you could store secret
key configuration in @file{/etc/knot/secrets.conf} and add this file
to the @code{includes} list.
It can also be used […]
LGTM!
Thanks,
LUdo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#35329: [PATCH] gnu: knot-service: Add includes field in configuration.
2019-04-24 12:34 ` Ludovic Courtès
@ 2019-04-25 19:46 ` Julien Lepiller
0 siblings, 0 replies; 3+ messages in thread
From: Julien Lepiller @ 2019-04-25 19:46 UTC (permalink / raw)
To: 35329-done
Le Wed, 24 Apr 2019 14:34:15 +0200,
Ludovic Courtès <ludo@gnu.org> a écrit :
> Julien Lepiller <julien@lepiller.eu> skribis:
>
> > * gnu/services/dns.scm (knot-configuration): Add includes field.
> > (verify-knot-configuration): Check includes content.
> > (knot-config-file): Serialize includes.
> > * doc/guix.texi (DNS Services): Document it.
>
> [...]
>
> > +@item @code{includes} (default: @code{'()})
> > +A list of strings or file-like objects denoting other files that
> > must be +included at the top of the configuration file. This is
> > especially useful
> ^
> I’d make a new paragraph here.
>
> > +for including key configuration from outside the store, since keys
> > should +not be readable by every user. It can also be used to add
> > configuration +not supported by this interface.
>
> What about:
>
> @cindex secrets, Knot service
> This can be used to manage secrets out-of-band. For example, secret
> keys may be stored in an out-of-band file not managed by Guix, and
> thus not visible in @file{/gnu/store}---e.g., you could store secret
> key configuration in @file{/etc/knot/secrets.conf} and add this file
> to the @code{includes} list.
>
> It can also be used […]
>
> LGTM!
>
> Thanks,
> LUdo’.
Push as 92eb600f8a94afa36142f8f145efaa485b632433, thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-04-25 19:53 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-19 21:22 [bug#35329] [PATCH] gnu: knot-service: Add includes field in configuration Julien Lepiller
2019-04-24 12:34 ` Ludovic Courtès
2019-04-25 19:46 ` bug#35329: " Julien Lepiller
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.