From 1fc6f2c41209b51f7c9b4ea87f7ab8e3d53cc275 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Sat, 25 Feb 2023 02:41:25 +0100 Subject: [PATCH] nixos/tests/knot: Use automatic-acl and drop explicit acls This is more in line with expected production usage and if people use this tests as a reference it should reflect that. --- nixos/tests/knot.nix | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/nixos/tests/knot.nix b/nixos/tests/knot.nix index 203fd03fac26..820ee21c42f8 100644 --- a/nixos/tests/knot.nix +++ b/nixos/tests/knot.nix @@ -31,7 +31,7 @@ let # DO NOT USE pkgs.writeText IN PRODUCTION. This put secrets in the nix store! tsigFile = pkgs.writeText "tsig.conf" '' key: - - id: slave_key + - id: xfr_key algorithm: hmac-sha256 secret: zOYgOgnzx3TGe5J5I/0kxd7gTcxXhLYMEq3Ek3fY37s= ''; @@ -64,22 +64,17 @@ in { server: listen: 0.0.0.0@53 listen: ::@53 - - acl: - - id: slave_acl - address: 192.168.0.2 - key: slave_key - action: transfer + automatic-acl: true remote: - id: slave address: 192.168.0.2@53 + key: xfr_key template: - id: default storage: ${knotZonesEnv} notify: [slave] - acl: [slave_acl] dnssec-signing: on # Input-only zone files # https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3 @@ -122,21 +117,16 @@ in { server: listen: 0.0.0.0@53 listen: ::@53 - - acl: - - id: notify_from_master - address: 192.168.0.1 - action: notify + automatic-acl: true remote: - id: master address: 192.168.0.1@53 - key: slave_key + key: xfr_key template: - id: default master: master - acl: [notify_from_master] # zonefileless setup # https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2 zonefile-sync: -1
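Review bot: In the primary's config (the hunk at -64,22) the transfer permission is no longer written out. With `automatic-acl: true` it is derived from the `slave` remote being listed in `notify`, and the TSIG requirement now rests entirely on the `key: xfr_key` line added to that remote. Since the commit message says the test doubles as a reference, I would add a comment above the option, e.g. `# transfer rights are derived from the remotes in notify; the remote's key: is what ties them to TSIG`. As I read the Knot documentation, dropping that `key:` line would leave the derived rule matching on address only, so the comment should say the key is not optional. The test script is outside this hunk, so I cannot tell whether it asserts that an unsigned transfer request is refused; if it does not, a negative check would catch the derived rule widening unnoticed.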
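Review bot: On the secondary (the hunk at -122,21) the removed `notify_from_master` rule matched on address alone, whereas the derived rule is tied to the `master` remote, which carries `key: xfr_key`. If Knot applies the remote's key to incoming NOTIFY the same way it does to transfers, notifications must now be TSIG-signed, a tightening the commit message does not mention. A short comment next to `master: master`, such as `# automatic-acl allows NOTIFY from this remote, authenticated with its key`, would make that visible to anyone copying the config. The documentation links kept as context in this hunk and the previous one still point at the 2.8 manual, which probably predates `automatic-acl`; it is worth confirming them against the packaged Knot version and updating the URLs.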