From debbugs-submit-bounces@debbugs.gnu.org Fri Apr 19 17:27:17 2019
Received: (at submit) by debbugs.gnu.org; 19 Apr 2019 21:27:17 +0000
Received: from localhost ([127.0.0.1]:44812 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hHb2T-00014r-4J
	for submit@debbugs.gnu.org; Fri, 19 Apr 2019 17:27:17 -0400
Received: from eggs.gnu.org ([209.51.188.92]:40231)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@lepiller.eu>) id 1hHb2Q-00014V-B2
 for submit@debbugs.gnu.org; Fri, 19 Apr 2019 17:27:15 -0400
Received: from lists.gnu.org ([209.51.188.17]:46308)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@lepiller.eu>) id 1hHb2L-00057f-6i
 for submit@debbugs.gnu.org; Fri, 19 Apr 2019 17:27:09 -0400
Received: from eggs.gnu.org ([209.51.188.92]:54540)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <julien@lepiller.eu>) id 1hHb2J-0000a0-W4
 for guix-patches@gnu.org; Fri, 19 Apr 2019 17:27:09 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <julien@lepiller.eu>) id 1hHayZ-0003OZ-Qf
 for guix-patches@gnu.org; Fri, 19 Apr 2019 17:23:16 -0400
Received: from lepiller.eu ([89.234.186.109]:39870)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <julien@lepiller.eu>) id 1hHayZ-0003Mr-H5
 for guix-patches@gnu.org; Fri, 19 Apr 2019 17:23:15 -0400
Received: from localhost.localdomain (89-92-10-229.hfc.dyn.abo.bbox.fr
 [89.92.10.229]) by lepiller.eu (OpenSMTPD) with ESMTPSA id 25ace2da
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO)
 for <guix-patches@gnu.org>; Fri, 19 Apr 2019 21:23:09 +0000 (UTC)
From: Julien Lepiller <julien@lepiller.eu>
To: guix-patches@gnu.org
Subject: [PATCH] gnu: knot-service: Add includes field in configuration.
Date: Fri, 19 Apr 2019 23:22:55 +0200
Message-Id: <20190419212255.20209-1-julien@lepiller.eu>
X-Mailer: git-send-email 2.21.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 89.234.186.109
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* gnu/services/dns.scm (knot-configuration): Add includes field.
(verify-knot-configuration): Check includes content.
(knot-config-file): Serialize includes.
* doc/guix.texi (DNS Services): Document it.
---
 doc/guix.texi        | 7 +++++++
 gnu/services/dns.scm | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index 8c7522f286..d61fd1c7a9 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -19814,6 +19814,13 @@ The Knot package.
 @item @code{run-directory} (default: @code{"/var/run/knot"})
 The run directory.  This directory will be used for pid file and sockets.
 
+@item @code{includes} (default: @code{'()})
+A list of strings or file-like objects denoting other files that must be
+included at the top of the configuration file.  This is especially useful
+for including key configuration from outside the store, since keys should
+not be readable by every user.  It can also be used to add configuration
+not supported by this interface.
+
 @item @code{listen-v4} (default: @code{"0.0.0.0"})
 An ip address on which to listen.
 
diff --git a/gnu/services/dns.scm b/gnu/services/dns.scm
index 1ef754b360..445e03570a 100644
--- a/gnu/services/dns.scm
+++ b/gnu/services/dns.scm
@@ -207,6 +207,8 @@
                  (default knot))
   (run-directory knot-configuration-run-directory
                  (default "/var/run/knot"))
+  (includes      knot-configuration-includes
+                 (default '()))
   (listen-v4     knot-configuration-listen-v4
                  (default "0.0.0.0"))
   (listen-v6     knot-configuration-listen-v6
@@ -296,6 +298,8 @@
     (error-out "knot configuration field must be a package."))
   (unless (string? (knot-configuration-run-directory config))
     (error-out "run-directory must be a string."))
+  (unless (list? (knot-configuration-includes config))
+    (error-out "includes must be a list of strings or file-like objects."))
   (unless (list? (knot-configuration-keys config))
     (error-out "keys must be a list of knot-key-configuration."))
   (for-each (lambda (key) (verify-knot-key-configuration key))
@@ -529,6 +533,10 @@
     #~(begin
         (call-with-output-file #$output
           (lambda (port)
+            (if (knot-configuration-includes config)
+              (for-each (lambda (inc)
+                          (format port "include: ~a\n" inc))
+                (knot-configuration-includes config)))
             (format port "server:\n")
             (format port "    rundir: ~a\n" #$(knot-configuration-run-directory config))
             (format port "    user: knot\n")
-- 
2.21.0





From debbugs-submit-bounces@debbugs.gnu.org Wed Apr 24 08:34:29 2019
Received: (at 35329) by debbugs.gnu.org; 24 Apr 2019 12:34:30 +0000
Received: from localhost ([127.0.0.1]:55265 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hJH6b-0000pL-NA
	for submit@debbugs.gnu.org; Wed, 24 Apr 2019 08:34:29 -0400
Received: from eggs.gnu.org ([209.51.188.92]:55778)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hJH6a-0000p7-3P
 for 35329@debbugs.gnu.org; Wed, 24 Apr 2019 08:34:28 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:56403)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hJH6S-0000AG-BM; Wed, 24 Apr 2019 08:34:20 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=44466 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hJH6P-0003qp-Jd; Wed, 24 Apr 2019 08:34:18 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Julien Lepiller <julien@lepiller.eu>
Subject: Re: [bug#35329] [PATCH] gnu: knot-service: Add includes field in
 configuration.
References: <20190419212255.20209-1-julien@lepiller.eu>
Date: Wed, 24 Apr 2019 14:34:15 +0200
In-Reply-To: <20190419212255.20209-1-julien@lepiller.eu> (Julien Lepiller's
 message of "Fri, 19 Apr 2019 23:22:55 +0200")
Message-ID: <87wojjd1ko.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 35329
Cc: 35329@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Julien Lepiller <julien@lepiller.eu> skribis:

> * gnu/services/dns.scm (knot-configuration): Add includes field.
> (verify-knot-configuration): Check includes content.
> (knot-config-file): Serialize includes.
> * doc/guix.texi (DNS Services): Document it.

[...]

> +@item @code{includes} (default: @code{'()})
> +A list of strings or file-like objects denoting other files that must be
> +included at the top of the configuration file.  This is especially useful
                                                 ^
I=E2=80=99d make a new paragraph here.

> +for including key configuration from outside the store, since keys should
> +not be readable by every user.  It can also be used to add configuration
> +not supported by this interface.

What about:

  @cindex secrets, Knot service
  This can be used to manage secrets out-of-band.  For example, secret
  keys may be stored in an out-of-band file not managed by Guix, and
  thus not visible in @file{/gnu/store}---e.g., you could store secret
  key configuration in @file{/etc/knot/secrets.conf} and add this file
  to the @code{includes} list.

  It can also be used [=E2=80=A6]

LGTM!

Thanks,
LUdo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 25 15:46:33 2019
Received: (at 35329-done) by debbugs.gnu.org; 25 Apr 2019 19:46:34 +0000
Received: from localhost ([127.0.0.1]:59393 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hJkKH-00068K-Mg
	for submit@debbugs.gnu.org; Thu, 25 Apr 2019 15:46:33 -0400
Received: from lepiller.eu ([89.234.186.109]:60142)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <julien@lepiller.eu>) id 1hJkKG-000683-0T
 for 35329-done@debbugs.gnu.org; Thu, 25 Apr 2019 15:46:32 -0400
Received: from sybil.lepiller.eu (89-92-10-229.hfc.dyn.abo.bbox.fr
 [89.92.10.229]) by lepiller.eu (OpenSMTPD) with ESMTPSA id 1637268b
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO)
 for <35329-done@debbugs.gnu.org>;
 Thu, 25 Apr 2019 19:46:24 +0000 (UTC)
Date: Thu, 25 Apr 2019 21:46:08 +0200
From: Julien Lepiller <julien@lepiller.eu>
To: 35329-done@debbugs.gnu.org
Subject: Re: [bug#35329] [PATCH] gnu: knot-service: Add includes field in
 configuration.
Message-ID: <20190425214608.774e13ae@sybil.lepiller.eu>
In-Reply-To: <87wojjd1ko.fsf@gnu.org>
References: <20190419212255.20209-1-julien@lepiller.eu>
 <87wojjd1ko.fsf@gnu.org>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-unknown-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 35329-done
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Le Wed, 24 Apr 2019 14:34:15 +0200,
Ludovic Court=C3=A8s <ludo@gnu.org> a =C3=A9crit :

> Julien Lepiller <julien@lepiller.eu> skribis:
>=20
> > * gnu/services/dns.scm (knot-configuration): Add includes field.
> > (verify-knot-configuration): Check includes content.
> > (knot-config-file): Serialize includes.
> > * doc/guix.texi (DNS Services): Document it. =20
>=20
> [...]
>=20
> > +@item @code{includes} (default: @code{'()})
> > +A list of strings or file-like objects denoting other files that
> > must be +included at the top of the configuration file.  This is
> > especially useful =20
>                                                  ^
> I=E2=80=99d make a new paragraph here.
>=20
> > +for including key configuration from outside the store, since keys
> > should +not be readable by every user.  It can also be used to add
> > configuration +not supported by this interface. =20
>=20
> What about:
>=20
>   @cindex secrets, Knot service
>   This can be used to manage secrets out-of-band.  For example, secret
>   keys may be stored in an out-of-band file not managed by Guix, and
>   thus not visible in @file{/gnu/store}---e.g., you could store secret
>   key configuration in @file{/etc/knot/secrets.conf} and add this file
>   to the @code{includes} list.
>=20
>   It can also be used [=E2=80=A6]
>=20
> LGTM!
>=20
> Thanks,
> LUdo=E2=80=99.

Push as 92eb600f8a94afa36142f8f145efaa485b632433, thanks!




From unknown Mon Jun 16 23:45:01 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 24 May 2019 11:24:06 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator