From 7699aaad79f00fbfbaac690797e6d2eba581bfa9 Mon Sep 17 00:00:00 2001 From: Michael Raskin <7c6f434c@mail.ru> Date: Tue, 1 Jul 2008 12:15:56 +0000 Subject: [PATCH] Added BIND svn path=/nixos/trunk/; revision=12233 --- system/options.nix | 36 +++++++++++++++++++++++ upstart-jobs/bind.nix | 63 ++++++++++++++++++++++++++++++++++++++++ upstart-jobs/default.nix | 6 ++++ 3 files changed, 105 insertions(+) create mode 100644 upstart-jobs/bind.nix diff --git a/system/options.nix b/system/options.nix index 8279949b3cb..1a9ac26e434 100644 --- a/system/options.nix +++ b/system/options.nix @@ -2248,6 +2248,42 @@ }; }; + bind = { + enable = mkOption { + default = false; + description = " + Whether to enable BIND domain name server. + "; + }; + cacheNetworks = mkOption { + default = ["127.0.0.0/24"]; + description = " + What networks are allowed to use us as a resolver. + "; + }; + blockedNetworks = mkOption { + default = []; + description = " + What networks are just blocked. + "; + }; + zones = mkOption { + default = []; + description = " + List of zones we claim authority over. + master=false means slave server; slaves means addresses + who may request zone transfer. + "; + example = [{ + name = "example.com"; + master = false; + file = "/var/dns/example.com"; + masters = ["192.168.0.1"]; + slaves = []; + }]; + }; + }; + }; installer = { diff --git a/upstart-jobs/bind.nix b/upstart-jobs/bind.nix new file mode 100644 index 00000000000..f1d0e6b0cf6 --- /dev/null +++ b/upstart-jobs/bind.nix 
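Review bot: In the system/options.nix hunk, the `zones` description does not say what an omitted field means, and for `slaves` that field is the zone-transfer ACL. bind.nix in this same patch merges each entry over `master=true; slaves=[]; masters=[];`, so a zone given only `name` and `file` is emitted as a master with an empty `allow-transfer` list. Saying so in the option text, e.g. `slaves: addresses allowed to request a zone transfer (default: empty list)`, lets an operator judge the exposure without reading the job file. `blockedNetworks` could likewise state that it feeds BIND's `blackhole` ACL rather than "just blocked". The `cacheNetworks` description should mention that its default covers only IPv4 loopback (`127.0.0.0/24`, no `::1`).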
@@ -0,0 +1,63 @@ +{config, pkgs}: +let + startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces"; + cfg = config.services.bind; + concatMapStrings = pkgs.lib.concatMapStrings; + + namedConf = + ('' + acl cachenetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} }; + acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} }; + + options { + allow-query { cachenetworks; }; + blackhole { badnetworks; }; + forward first; + forwarders { ${concatMapStrings (entry: " ${entry}; ") config.networking.nameservers} }; + directory "/var/run/named"; + pid-file "/var/run/named/named.pid"; + }; + + '') + + + (concatMapStrings + (_entry:let entry={master=true;slaves=[];masters=[];}//_entry; in + '' + zone "${entry.name}" { + type ${if entry.master then "master" else "slave"}; + file "${entry.file}"; + ${ if entry.master then + '' + allow-transfer { + ${concatMapStrings (ip: ip+";\n") entry.slaves} + }; + '' + else + '' + masters { + ${concatMapStrings (ip: ip+";\n") entry.masters} + }; + '' + } + }; + '' + ) + cfg.zones + ) + ; + + confFile = pkgs.writeText "named.conf" namedConf; + +in +{ + name = "bind"; + job = '' + description "BIND name server job" + + start script + ${pkgs.coreutils}/bin/mkdir -p /var/run/named + end script + + respawn ${pkgs.bind}/sbin/named -c ${confFile} -f + ''; +} diff --git a/upstart-jobs/default.nix b/upstart-jobs/default.nix index 1e0df9cb64a..e603f5ec953 100644 --- a/upstart-jobs/default.nix +++ b/upstart-jobs/default.nix @@ -402,6 +402,12 @@ let inherit config pkgs; }) + # ISC BIND domain name server. + ++ optional config.services.bind.enable + (import ../upstart-jobs/bind.nix { + inherit config pkgs; + }) + # Handles the reboot/halt events. ++ (map (event: makeJob (import ../upstart-jobs/halt.nix {
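Review bot: In upstart-jobs/bind.nix the `respawn` line starts `named` with only `-c` and `-f`, so the daemon keeps root for its whole lifetime while parsing network input. It would be safer to drop privileges with `-u <unprivileged-user>` (placeholder; this patch creates no such account) and have the start script give that account ownership of `/var/run/named`. Separately, `allow-query { cachenetworks; };` in `options` also gates queries for the authoritative zones generated below it, so serving a zone publicly means widening `cacheNetworks` and opening recursion to the same clients. Using `allow-recursion { cachenetworks; };` instead would keep the resolver ACL separate from zone access. `startingDependency` is computed but never referenced and the job text has no `start on` stanza, so the start condition was presumably left out.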