ctucx.git: dns.nix

fork of https://github.com/kirelagin/dns.nix

# SPDX-FileCopyrightText: 2020 Aluísio Augusto Silva Gonçalves <https://aasg.name>
#
# SPDX-License-Identifier: MPL-2.0 or MIT

# RFC 4034, 5

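# Option schema and serializer for the DS (Delegation Signer) resource
# record.  Takes the nixpkgs `lib` and returns an attrset with the record
# type name, the NixOS-module-style options for its fields, and a function
# rendering those fields as the record's RDATA string.
{ lib }:

let
  inherit (lib) mkOption types;

  dnssecOptions = import ./dnssec.nix { inherit lib; };
  inherit (dnssecOptions) mkRegisteredNumberOption mkDNSSECAlgorithmOption;

  # Builds the option for the DS digest type field: either a number from the
  # IANA registry or one of the mnemonics below.
  #
  # Caller-supplied attributes (e.g. `description`) are merged onto the
  # resulting option.  Previously `args` was bound but never used, so the
  # description passed at the call site was silently dropped.
  # NOTE(review): assumes mkRegisteredNumberOption returns the attrset built
  # by mkOption, so `//` can add attributes to it; confirm in ./dnssec.nix.
  mkDSDigestTypeOption = { ... }@args: (mkRegisteredNumberOption {
    registryName = "Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms";
    numberType = types.ints.u8;
    # These mnemonics are unofficial, unlike the DNSSEC algorithm ones.
    #
    # RFC 8624, section 3.3 marks SHA-1 (1) and GOST R 34.11-94 (3) as
    # MUST NOT for new delegations; they are kept here so existing zones can
    # still be expressed.  Prefer "sha-256" (or "sha-384") for new DS records.
    mnemonics = {
      "sha-1" = 1;
      "sha-256" = 2;
      "gost" = 3;
      "sha-384" = 4;
    };
  }) // args;
in
{
  rtype = "DS";
  options = {
    keyTag = mkOption {
      description = "Tag computed over the DNSKEY referenced by this RR to identify it.";
      type = types.ints.u16;
    };
    algorithm = mkDNSSECAlgorithmOption {
      description = "Algorithm of the key referenced by this RR.";
    };
    digestType = mkDSDigestTypeOption {
      description = "Type of the digest given in the `digest` attribute.";
    };
    digest = mkOption {
      description = "Digest of the DNSKEY referenced by this RR.";
      # Accepts any non-empty run of hex digits.  The length is not checked
      # against `digestType` (40 hex digits for SHA-1, 64 for SHA-256 and
      # GOST, 96 for SHA-384), and odd-length values pass too; a truncated
      # or mistyped digest is only caught later, when validating resolvers
      # fail to match the DS to the child's DNSKEY.
      type = types.strMatching "[[:xdigit:]]+";
    };
  };
  # Renders the RDATA in the field order of RFC 4034, section 5.3:
  # key tag, algorithm, digest type, digest.
  # NOTE(review): `algorithm` and `digestType` are presumably already
  # numeric here (mnemonics resolved by the option); confirm in ./dnssec.nix.
  dataToString = { keyTag, algorithm, digestType, digest, ... }:
    "${toString keyTag} ${toString algorithm} ${toString digestType} ${digest}";
}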