nixos/unbound: Coerce all single settings values to lists#121864
nixos/unbound: Coerce all single settings values to lists#121864infinisil wants to merge 1 commit intoNixOS:masterfrom
Conversation
Makes composability much better, as it allows mixing single values together without having to declare them as lists
github-actions
bot
added
6.topic: nixos
|
Note that the {
imports = [ ./a.nix ./b.nix ];
services.unbound.enable = true;
}
{
services.unbound.settings.server = {
local-zone = ''"local." static'';
local-zone-tag = ''"local." "local_net"'';
local-data = [
"router.local. IN A 10.0.0.1"
"server.local. IN A 10.0.0.10"
];
local-data-ptr = [
"10.0.0.1 router.local."
"10.0.0.10 server.local."
];
};
}
{
services.unbound.settings.server = {
local-zone = ''"foo." static'';
local-zone-tag = ''"foo." "local_net"'';
local-data = [
"router.foo. IN A 10.0.0.2"
"server.foo. IN A 10.0.0.20"
];
local-data-ptr = [
"10.0.0.2 router.foo."
"10.0.0.20 server.foo."
];
};
} |
|
@ofborg test unbound In general I dislike adding more complexity to the modules. We are far far away from a string templating machine. In fact, for the first time in a long long time, the module produced invalid configuration that was only caught during runtime. |
ofborg
bot
added
10.rebuild-darwin: 0
|
Yeah that is the tradeoff for such
We can however always add more checks to catch errors earlier, by way of adding more options for specific |
|
In this case for example, you could add options for |
|
as said on irc, we don't think this is a good idea. some keys have list semantics and some have last-occurence semantics, but it would be prohibitive to encode that in the nix module. the best approach may be to extend the documentation somewhat with a larger example that includes the incantations necessary to merge multiple definitions somewhat safely. |
|
Closing for now, but for future reference, it would also be possible to allow only strings to be list-coerced with diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
index 3b0096e2000..d754cb211ee 100644
--- a/nixos/modules/services/networking/unbound.nix
+++ b/nixos/modules/services/networking/unbound.nix
@@ -100,9 +100,8 @@ in {
type = with types; submodule {
freeformType = let
- validSettingsPrimitiveTypes = oneOf [ int str bool float ];
coercedList = t: coercedTo t singleton (listOf t);
- validSettingsTypes = coercedList validSettingsPrimitiveTypes;
+ validSettingsTypes = oneOf [ int (coercedList str) bool float ];
settingsType = coercedList (attrsOf validSettingsTypes);
in attrsOf (oneOf [ string settingsType ])
// { description = ''The merging behavior can in general be modified greatly :) |
3 participants
Motivation for this change
Makes composability much better, as it allows mixing single values together without having to declare them as lists. This allows the following to work:
I was motivated to improve this after @pennae and @andir had some complaints on IRC :)
The
settingsapproach was introduced in #89572, ping @rissson @lovesegfaultThings done
I have not tested this other than making sure that above configuration evaluates properly. I'd like to defer testing to @pennae and @andir as they are actually using this module.