# SPDX-FileCopyrightText: 2020 Aluísio Augusto Silva Gonçalves <https://aasg.name>
#
# SPDX-License-Identifier: MPL-2.0 or MIT
# DS (Delegation Signer) resource record: RFC 4034, section 5
{ lib }:
let
inherit (lib) mkOption types;
dnssecOptions = import ./dnssec.nix { inherit lib; };
inherit (dnssecOptions) mkRegisteredNumberOption mkDNSSECAlgorithmOption;
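# Builds the option for the DS "digest type" field: an 8-bit registry number
# that may also be written as one of the mnemonics below.
#
# Caller-supplied attributes (for example `description`) are merged over the
# generated option. Previously `args` was bound but never used, so the
# description passed for `digestType` was silently dropped.
# NOTE(review): this assumes mkRegisteredNumberOption returns a plain option
# attribute set, as its direct use under `options` suggests. Confirm against
# ./dnssec.nix.
mkDSDigestTypeOption = { ... }@args:
  (mkRegisteredNumberOption {
    registryName = "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms";
    numberType = types.ints.u8;
    # These mnemonics are unofficial, unlike the DNSSEC algorithm ones.
    # Deployment guidance (RFC 8624, section 3.3): SHA-256 is the mandatory
    # baseline; SHA-1 and GOST R 34.11-94 must not be used for new
    # delegations; SHA-384 is optional. Nothing here rejects the weak types,
    # so a zone author can still publish a SHA-1 DS record.
    mnemonics = {
      "sha-1" = 1;
      "sha-256" = 2;
      "gost" = 3;
      "sha-384" = 4;
    };
  }) // args;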
in
{
  # Record type handled by this module.
  rtype = "DS";

  # Fields of the DS RDATA, in the order they are rendered by `dataToString`.
  options = {
    # 16-bit key tag. It is a lookup hint only: distinct DNSKEYs can share a
    # tag, so it must not be treated as a unique key identifier.
    keyTag = mkOption {
      type = types.ints.u16;
      description = "Tag computed over the DNSKEY referenced by this RR to identify it.";
    };

    algorithm = mkDNSSECAlgorithmOption {
      description = "Algorithm of the key referenced by this RR.";
    };

    digestType = mkDSDigestTypeOption {
      description = "Type of the digest given in the `digest` attribute.";
    };

    # The type check only requires a non-empty run of hexadecimal digits.
    # It does not verify that the digit count is even, nor that the length
    # matches `digestType` (40 hex digits for SHA-1, 64 for SHA-256 and GOST,
    # 96 for SHA-384). A truncated or mistyped digest therefore evaluates
    # fine and only shows up later as a broken chain of trust.
    digest = mkOption {
      type = types.strMatching "[[:xdigit:]]+";
      description = "Digest of the DNSKEY referenced by this RR.";
    };
  };

  # Renders the RDATA in presentation order: key tag, algorithm, digest type,
  # digest, separated by single spaces.
  # NOTE(review): presumably `algorithm` and `digestType` have already been
  # resolved from mnemonics to numbers by their option definitions. Confirm
  # in ./dnssec.nix.
  dataToString = { keyTag, algorithm, digestType, digest, ... }:
    builtins.concatStringsSep " " [
      (toString keyTag)
      (toString algorithm)
      (toString digestType)
      digest
    ];
}