aboutsummaryrefslogtreecommitdiff
path: root/etc/news.scm
diff options
context:
space:
mode:
Diffstat (limited to 'etc/news.scm')
0 files changed, 0 insertions, 0 deletions
generated by cgit
td>Andrew Tropin * gnu/service/dns.scm: (<dnsmasq-configuration>)[cpe-id]: Change cpe-id default value to #f instead of #t. 2023-03-13services: dns: Extend dnsmasq-configuration.Sergey Trofimov * gnu/service/dns.scm: (<dnsmasq-configuration>)[servers-file]: Add. (<dnsmasq-configuration>)[tftp-secure?]: Fix typo in parameter name. * doc/guix.texi: Document (<dnsmasq-configuration>)[servers-file]. Signed-off-by: Andrew Tropin <andrew@trop.in> 2023-03-06services: knot: Default zone-file-refresh to 12h.Felix Lechner The Knot DNS service in Guix uses two days, or 48 hours, for the SOA refresh interval but that is outside the range of RFC 1912, which is entitled "Common DNS Operational and Configuration Errors." [1] Section 2.2 of RFC 1912 recommends a maximum of 12 hours for the SOA refresh rate: "You can keep it short (20 mins to 2 hours) if you aren't worried about a small increase in bandwidth used, or longer (2-12 hours) if your Internet connection is slow or is started on demand." This commit sets the default refresh interval at the nearest value recommended by the standard, which is 12 hours. Due to the widespread adoption of NOTIFY messages between primary and secondary DNS servers, the SOA refresh interval has arguably lost some importance, but the Guix default should still be in line with the standards. Values outside the recommended range can provoke warning messages from services commonly used to find bugs in DNS configurations, such as the MX Toolbox Super Tool. [2] [1] https://datatracker.ietf.org/doc/rfc1912/ [2] https://mxtoolbox.com/SuperTool.aspx * gnu/services/dns.scm (<zone-file>)[refresh]: Default to (* 12 3600). Signed-off-by: 宋文武 <iyzsong@member.fsf.org> 2022-06-04services: ddclient: No need to import (ice-9 rdelim) from the host.Attila Lendvai * gnu/services/dns.scm (ddclient-activation): Remove (ice-9 rdelim) from the with-imported-modules form. Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2022-03-24services: dnsmasq: Add more options.Remco van 't Veer * gnu/services/dns.scm (<dnsmasq-configuration>): Add forward-private-reverse-lookup?, strict-order? and cpe-id options. (dnsmasq-shepherd-service): Pass added options to dnsmasq and use match-record instead of match-lambda. * doc/guix.texi (Guix Services): Document options added to dnsmasq. Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2021-11-30services: Accept <inferior-package>s in lieu of <package>s.Tobias Geerinckx-Rice * gnu/services/authentication.scm (fprintd-configuration) (nslcd-configuration): Substitute file-like objects for package ones. * gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration): Likewise. * gnu/services/cups.scm (package-list?, cups-configuration): Likewise. * gnu/services/dns.scm (verify-knot-configuration) (ddclient-configuration): Likewise. * gnu/services/docker.scm (docker-configuration): Likewise. * gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise. * gnu/services/getmail.scm (getmail-configuration): Likewise. * gnu/services/mail.scm (dovecot-configuration) (opaque-dovecot-configuration): Likewise. * gnu/services/messaging.scm (prosody-configuration) (opaque-prosody-configuration): Likewise. * gnu/services/monitoring.scm (zabbix-server-configuration) (zabbix-agent-configuration): Likewise. * gnu/services/networking.scm (opendht-configuration): Likewise. * gnu/services/pm.scm (tlp-configuration): Likewise. * gnu/services/telephony.scm (jami-configuration): Likewise. * gnu/services/virtualization.scm (libvirt-configuration) (qemu-guest-agent-configuration): Likewise. * gnu/services/vpn.scm (openvpn-client-configuration): Likewise. 2021-10-04services: knot: Remove obsolete DISABLE-ANY? zone option.Tobias Geerinckx-Rice It is now silently ignored by knotd. * gnu/services/dns.scm (<knot-zone-configuration>): Remove DISABLE-ANY? field. Adjust all previous users. * doc/guix.texi (DNS Services): Undocument it. 2021-05-31services: dnsmasq: Extend 'activation-service'.Brice Waegeneire * gnu/services/dns.scm (dnsmasq-activation): New procedure … (dnsmasq-service-type): … use it. 2021-03-10services: Prevent following symlinks during activation.Maxime Devos This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2021-02-11services: knot: Fix configuration verification.Alexey Abramov * gnu/services/dns.scm (verify-knot-key-configuration): Fix the order of memq arguments. (verify-knot-keystore-configuration): Likewise. (verify-knot-acl-configuration): Replace fold with every procedure. Signed-off-by: 宋文武 <iyzsong@member.fsf.org>