-rw-r--r-- | salamina.scm | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/salamina.scm b/salamina.scm
index 7d58285..d1c661f 100644
--- a/salamina.scm
+++ b/salamina.scm
@@ -15,6 +15,7 @@
 ((gnu packages) #:select (specifications->packages))
 ((gnu packages admin) #:select (shadow))
+ ((gnu packages dns) #:select (knot-resolver))
 ((gnu packages koszko-services) #:prefix ks:)
 ((gnu packages python) #:select (guix-pythonpath-search-path))
 ((gnu packages web) #:select (httpd mod-wsgi))
@@ -592,6 +593,39 @@
 '("koszko.org" "koszkonutek-tmp.pl.eu.org"))))))
+(define %root.keys-path
+ "/var/cache/knot-resolver/root.keys")
+
+(prepend %services
+ (simple-service 'knot-resolver-root-keys-activation activation-service-type
+ #~(let* ((filename #$%root.keys-path)
+ (filename-tmp (format #f "~a-new" filename))
+ (passwd (getpwnam "knot-resolver")))
+ (mkdir-p (dirname filename))
+ (copy-file #$(file-append knot-resolver "/etc/knot-resolver/root.keys")
+ filename-tmp)
+ (chown filename-tmp (passwd:uid passwd) (passwd:gid passwd))
+ (rename-file filename-tmp filename))))
+
+(prepend %services
+ (service dns:knot-resolver-service-type
+ (dns:knot-resolver-configuration
+ (kresd-config-file (mixed-text-file "kresd.conf" "\
+net.listen('0.0.0.0', 5353)
+modules = { 'view' }
+trust_anchors.add_file('" %root.keys-path "')
+
+local_dnames = policy.todnames({'koszko.org', 'koszkonutek-tmp.pl.eu.org'})
+policy.add(policy.suffix(policy.STUB('127.0.0.1'), local_dnames))
+
+for _, mask in ipairs({'10.8.0.0/24', '127.0.0.1/32'}) do
+ view:addr(mask, policy.all(policy.PASS))
+end
+
+view:addr('0.0.0.0/0', policy.all(policy.DENY))
+")))))
+
+
 (prepend %services
 (service mail:mail-aliases-service-type
 '(("root" "admin")))) |
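Review bot: The `policy.add(policy.suffix(policy.STUB('127.0.0.1'), local_dnames))` line in the second hunk's kresd.conf sits outside the `view:addr` chain. As far as I read the Knot Resolver view-module documentation, plain `policy.add` rules are tried before `view:addr` rules, so queries for the two local domains would be stubbed for any client that reaches port 5353 on `0.0.0.0`, not only `10.8.0.0/24` and loopback. If the allow-list is meant to cover those names as well, drop the global `policy.add` and put `view:addr(mask, policy.suffix(policy.STUB('127.0.0.1'), local_dnames))` inside the loop, ahead of the `policy.PASS` line. Separately, the activation gexp writes the predictable `root.keys-new` into a directory that presumably ends up owned by the `knot-resolver` user, and it replaces `root.keys` on every activation, which discards any trust-anchor state kresd has stored there. Copying only when the file is absent, e.g. wrapping the copy in `(unless (file-exists? filename) ...)`, would address the overwrite and narrow how often the temporary-file path is exercised.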