From 11c2119f776263b103721302fdd3f2ba8c985bc1 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Sun, 16 May 2021 18:25:26 +0200
Subject: [PATCH] Remove duplicates when generating server list in bind
---
 modules/private/dns.nix | 15 ++++++++++++---
 nixops/secrets | 2 +-
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index 1149daf..7c59b43 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -2,16 +2,25 @@
 {
 options.myServices.dns.enable = lib.mkEnableOption "enable DNS resolver";
 config = let
+ # taken from unstable
+ cartesianProductOfSets = attrsOfLists: with lib;
+ lib.foldl' (listOfAttrs: attrName:
+ concatMap (attrs:
+ map (listValue: attrs // { ${attrName} = listValue; }) attrsOfLists.${attrName}
+ ) listOfAttrs
+ ) [{}] (attrNames attrsOfLists);
 cfg = config.services.bind;
 keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"/var/secrets/bind/${v}.key\";") (builtins.attrNames config.myEnv.dns.keys));
+ cartProduct = lib.foldr
+ (s: servers: servers // { ${s.masters} = lib.unique ((servers.${s.masters} or []) ++ [s.keys]); })
+ {}
+ (lib.unique (lib.concatMap (z: cartesianProductOfSets { masters = z.masters or []; keys = z.keys or []; }) config.myEnv.dns.slaveZones));
 toKeyList = servers: keys: builtins.concatStringsSep "\n" (map (s: ''
 server ${s} {
 keys { ${builtins.concatStringsSep ";" keys}; };
 };
 '') servers);
- serverIncludes = builtins.concatStringsSep "\n" (map (v:
- lib.optionalString (builtins.length v.keys > 0) (toKeyList (lib.flatten (map (n: builtins.attrValues config.myEnv.dns.ns."${n}") v.masters)) v.keys)
- ) config.myEnv.dns.slaveZones);
+ serverIncludes = builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: toKeyList (lib.flatten (builtins.attrValues config.myEnv.dns.ns."${n}"))) cartProduct);
 configFile = pkgs.writeText "named.conf" ''
 include "/etc/bind/rndc.key";
 controls {
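Review bot: `cartProduct` merges the TSIG keys of every slave zone that shares a master into one list, so `toKeyList` emits a multi-entry `keys { ...; ...; };` clause for that server whenever two zones use different keys. BIND's documentation notes that the `server` statement grammar allows several keys but only a single key per server is supported, so it is worth confirming which key `named` actually signs transfers with in that case, or asserting at evaluation time that each master ends up with exactly one key. Deduplication is also keyed on the `ns` name rather than on the address, so two names in `config.myEnv.dns.ns` that share an address would presumably still yield two `server` blocks for it; grouping on the flattened addresses would close that gap. The `# taken from unstable` comment could name what it mirrors and when to drop it, e.g. `# copy of lib.cartesianProductOfSets from nixpkgs unstable; remove once the pinned nixpkgs provides it`. The enclosing `let` block starts before and continues after this hunk.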
diff --git a/nixops/secrets b/nixops/secrets
index 3246bc6..f541869 160000
--- a/nixops/secrets
+++ b/nixops/secrets
@@ -1 +1 @@
-Subproject commit 3246bc60354e06ad3777be50cec01af072bb8d98
+Subproject commit f5418699b19f968c232c3e6cdad79b4df1616c6e
-- 
2.41.0