From bb6cf349ffd5c15e364d551bcabec20c9e675bdc Mon Sep 17 00:00:00 2001
From: David Tulig <david.tulig@gmail.com>
Date: Sat, 10 Jun 2017 04:19:07 -0600
Subject: [PATCH] bind service: add listen-on options (#26430)

This adds configuration options for the bind package so that the
interfaces that bind listens on can be configured rather than just
hardcoded as any. The default values preserve the old behavior to be
backwards compatible.
---
 nixos/modules/services/networking/bind.nix | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
index 0272b6ceff2..ca375c935e8 100644
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@@ -14,8 +14,8 @@ let
       acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} };
 
       options {
-        listen-on {any;};
-        listen-on-v6 {any;};
+        listen-on { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOn} };
+        listen-on-v6 { ${concatMapStrings (entry: " ${entry}; ") cfg.listenOnIpv6} };
         allow-query { cachenetworks; };
         blackhole { badnetworks; };
         forward first;
@@ -96,6 +96,22 @@ in
         ";
       };
 
+      listenOn = mkOption {
+        default = ["any"];
+        type = types.listOf types.str;
+        description = "
+          Interfaces to listen on.
+        ";
+      };
+
+      listenOnIpv6 = mkOption {
+        default = ["any"];
+        type = types.listOf types.str;
+        description = "
+          Ipv6 interfaces to listen on.
+        ";
+      };
+
       zones = mkOption {
         default = [];
         description = "