author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2023-02-25 02:41:25 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2023-03-11 22:23:10 +0100 |
commit | 1fc6f2c41209b51f7c9b4ea87f7ab8e3d53cc275 (patch) | |
tree | f0ae54d83dee388fb8c0a0a1491d3a009245c821 /nixos/tests | |
parent | 66579946d38ee882304f0e96235423290c65dec9 (diff) |
nixos/tests/knot: Use automatic-acl and drop explicit acls
This is more in line with expected production usage, and if people use this test as a reference, it should reflect that.
Diffstat (limited to 'nixos/tests')
-rw-r--r-- | nixos/tests/knot.nix | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/nixos/tests/knot.nix b/nixos/tests/knot.nix
index 203fd03fac26f..820ee21c42f8c 100644
--- a/nixos/tests/knot.nix
+++ b/nixos/tests/knot.nix
@@ -31,7 +31,7 @@ let
 # DO NOT USE pkgs.writeText IN PRODUCTION. This put secrets in the nix store!
 tsigFile = pkgs.writeText "tsig.conf" ''
 key:
- - id: slave_key
+ - id: xfr_key
 algorithm: hmac-sha256
 secret: zOYgOgnzx3TGe5J5I/0kxd7gTcxXhLYMEq3Ek3fY37s=
 '';
@@ -64,22 +64,17 @@ in {
 server:
 listen: 0.0.0.0@53
 listen: ::@53
-
- acl:
- - id: slave_acl
- address: 192.168.0.2
- key: slave_key
- action: transfer
+ automatic-acl: true
 remote:
 - id: slave
 address: 192.168.0.2@53
+ key: xfr_key
 template:
 - id: default
 storage: ${knotZonesEnv}
 notify: [slave]
- acl: [slave_acl]
 dnssec-signing: on
 # Input-only zone files
 # https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3
@@ -122,21 +117,16 @@ in {
 server:
 listen: 0.0.0.0@53
 listen: ::@53
-
- acl:
- - id: notify_from_master
- address: 192.168.0.1
- action: notify
+ automatic-acl: true
 remote:
 - id: master
 address: 192.168.0.1@53
- key: slave_key
+ key: xfr_key
 template:
 - id: default
 master: master
- acl: [notify_from_master]
 # zonefileless setup
 # https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2
 zonefile-sync: -1 |
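Review bot: The `remote` entry for `slave` now carries the whole transfer policy, but nothing next to `automatic-acl: true` says so, and the commit message expects this test to be read as a reference. I would add a comment above the option such as `# ACLs are derived from the remote entries below (address and TSIG key); no explicit acl section needed`. This hunk and the one at -122 also keep comment links to the Knot 2.8 manual (`docs/2.8/html/operation.html`), which as far as I know predates `automatic-acl`, so the links should point at a docs version that describes the option. Whether the test script checks that an AXFR without `xfr_key` is refused is not visible here; that negative check is what would catch a derived rule that is looser than the removed `slave_acl`.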
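Review bot: On the secondary (hunk at -122) the removed `notify_from_master` rule matched on address only, whereas the derived rule comes from remote `master`, which carries `key: xfr_key`. Presumably NOTIFY is now accepted only when TSIG-signed, which works here because the -64 hunk adds the same key to remote `slave` on the primary. That coupling is easy to break when someone copies only one side of the config, so a comment on the `key:` line would help, for example `# also authenticates incoming NOTIFY via automatic-acl; the primary's remote must use the same key`. The config block continues past the end of the hunk.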