In 87a19e9048773d5a363679617406ad148d36c3b8 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a570d6cf81d229ad22a8889602639160 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c79797a5fa384fbc356c74ed54f9f7829ea. This was however wrong, as it "removed" master.
This reverts commit 0be87c79797a5fa384fbc356c74ed54f9f7829ea.
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048773d5a363679617406ad148d36c3b8.
This reverts commit ac241fb7a570d6cf81d229ad22a8889602639160, reversing
changes made to 76a439239eb310d9ad76d998b34d5d3bc0e37acb.
Minor incompatibilities due to moving to upstream defaults:
- capabilities are used instead of systemd.socket units
- the control socket moved:
/run/kresd/control -> /run/knot-resolver/control/1
- cacheDir moved and isn't configurable anymore
- different user+group names, without static IDs
Thanks Mic92 for multiple ideas.
Deperecates the interfaces option which was used to generate a host:port
list whereas the port was always hardcoded to 53. This unifies the
listen configuration for plain and TLS sockets and allows to specify a
port without an address for wildcard binds.
in read-only way. If the cache directory is empty and you use the
very same service for system's DNS, kresd is unable to bootstrap root
trust anchors, as it would need a DNS lookup.
Also, if we don't rely on bootstrap, the extra lua deps of kresd could
be dropped by default, but let's not do that now, as the difference in
closure size is only ~4 MB, and there may be other use cases than
running the package as nixos service this way.
The unnecessary dependency of sockets.target on kresd.service causes a
dependency cycle preventing kresd.service from starting at boot:
sockets.target -> kresd.service -> basic.target -> sockets.target
