nixos: Require networking.hostName to be a valid DNS label

This also means that the hostname must not contain the domain name part anymore (i.e. must not be a FQDN). See RFC 1035 [0], "man 5 hostname", or the kernel documentation [1]. Note: For legacy reasons we also allow underscores inside of the label but this is not recommended and intentionally left undocumented. [0]: https://tools.ietf.org/html/rfc1035 [1]: https://www.kernel.org/doc/html/latest/admin-guide/sysctl/kernel.html#domainname-hostname Co-authored-by: zimbatm <zimbatm@zimbatm.com>
NixOS · May 25, 2020 · 993baa5 · 993baa5
1 parent 837ec31
commit 993baa5
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 3 deletions.
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -431,6 +431,16 @@ systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
        <literal>networking.hosts = lib.mkForce { "127.0.1.1" = [ config.networking.hostName ]; };</literal>.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       The hostname (<literal>networking.hostName</literal>) must now be a valid
+       DNS label (see RFC 1035) and as such must not contain the domain part.
+       This means that the hostname must start with a letter, end with a letter
+       or digit, and have as interior characters only letters, digits, and
+       hyphen. The maximum length is 63 characters. Additionally it is
+       recommended to only use lower-case characters.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
@@ -376,10 +376,20 @@ in
 
     networking.hostName = mkOption {
       default = "nixos";
-      type = types.str;
+      # Only allow hostnames without the domain name part (i.e. no FQDNs, see
+      # e.g. "man 5 hostname") and require valid DNS labels (recommended
+      # syntax). Note: We also allow underscores for compatibility/legacy
+      # reasons (as undocumented feature):
+      type = types.strMatching
+        "^[[:alpha:]]([[:alnum:]_-]{0,61}[[:alnum:]])?$";
       description = ''
-        The name of the machine.  Leave it empty if you want to obtain
-        it from a DHCP server (if using DHCP).
+        The name of the machine. Leave it empty if you want to obtain it from a
+        DHCP server (if using DHCP). The hostname must be a valid DNS label (see
+        RFC 1035 section 2.3.1: "Preferred name syntax") and as such must not
+        contain the domain part. This means that the hostname must start with a
+        letter, end with a letter or digit, and have as interior characters only
+        letters, digits, and hyphen. The maximum length is 63 characters.
+        Additionally it is recommended to only use lower-case characters.
       '';
     };