From 5a0a0f01fb0e6ea7c1ccf72d3167413370253515 Mon Sep 17 00:00:00 2001
From: Jan Vcelak <jan.vcelak@nic.cz>
Date: Tue, 10 Dec 2013 17:28:40 +0100
Subject: [PATCH] doc: storage and dnssec-keydir per zone

---
 doc/configuration.texi      |  9 -------
 doc/reference.texi          | 51 ++++++++++++++++++++++---------------
 man/knot.conf.5.in          | 16 +++++++++---
 samples/knot.full.conf      | 18 +++++++++----
 samples/knot.sample.conf.in |  8 +++---
 5 files changed, 60 insertions(+), 42 deletions(-)

diff --git a/doc/configuration.texi b/doc/configuration.texi
index 27c2e8f64d..b68a6fa5b4 100644
--- a/doc/configuration.texi
+++ b/doc/configuration.texi
@@ -30,10 +30,6 @@ file which can be used as a base for your Knot DNS setup.
 # in the source directory.
 #
 
-system @{
-  storage "/var/lib/knot";
-@}
-
 interfaces @{
   my_interface @{ address 127.0.0.1@@53; @}
   second_int @{ address ::1; @}
@@ -56,11 +52,6 @@ Now let's go step by step through this minimal configuration file:
 
 @enumerate
 
-@item
-In @code{system} statement we have configured @code{storage}
-directory where Knot DNS will store slave zones and journal files.
-(See @ref{system} and @ref{storage})
-
 @item
 The @code{interfaces} statement defines interfaces where Knot
 DNS will listen for incoming connections. We have defined two
diff --git a/doc/reference.texi b/doc/reference.texi
index 29568270bf..3c395a6699 100644
--- a/doc/reference.texi
+++ b/doc/reference.texi
@@ -37,7 +37,6 @@ else.
   [ @code{identity} ( @code{on} | @code{"}@kbd{string}@code{"} )@code{;} ]
   [ @code{version} ( @code{on} | @code{"}@kbd{string}@code{"} )@code{;} ]
   [ @code{nsid} ( @code{on} | @code{"}@kbd{string}@code{"} | @kbd{hex_string} )@code{;} ]
-  [ @code{storage} @code{"}@kbd{string}@code{";} ]
   [ @code{rundir} @code{"}@kbd{string}@code{";} ]
   [ @code{pidfile} @code{"}@kbd{string}@code{";} ]
   [ @code{workers} @kbd{integer}@code{;} ]
@@ -60,7 +59,6 @@ else.
 * identity::
 * version::
 * nsid::
-* storage::
 * rundir::
 * pidfile::
 * workers::
@@ -128,19 +126,6 @@ system @{
 @}
 @end example
 
-@node storage
-@subsubsection storage
-@vindex storage
-
-The working directory of Knot DNS, it is used to store zone files and journal files.
-Default: @file{$@{localstatedir@}/lib/knot}, configured with @code{--with-storage=path}
-
-@example
-system @{
-  storage "/var/lib/knot";
-@}
-@end example
-
 @node rundir
 @subsubsection rundir
 @vindex rundir
@@ -279,7 +264,6 @@ system @{
   identity "Knot DNS @value{VERSION}";
   version "@value{VERSION}";
   nsid    "amaterasu";
-  storage "/var/lib/knot";
   rundir "/var/run/knot";
   workers 16;
   user knot.knot;
@@ -712,7 +696,6 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
 @example
 @code{zones} @code{@{}
   [ @kbd{zone_options} ]
-  [ @code{dnssec-keydir} @code{"}@kbd{string}@code{"}@code{;} ]
   @kbd{zone_id} @code{@{}
     @code{file} @code{"}@kbd{string}@code{";}
     [ @code{xfr-in} @kbd{remote_id} [, @kbd{remote_id}, @dots{} ]@code{;} ]
@@ -725,6 +708,7 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
 @code{@}}
 
 @kbd{zone_options} :=
+  [ @code{storage} @code{"}@kbd{string}@code{";} ]
   [ @code{semantic-checks} @kbd{boolean}@code{;} ]
   [ @code{ixfr-from-differences} @kbd{boolean}@code{;} ]
   [ @code{disable-any} @kbd{boolean}@code{;} ]
@@ -733,6 +717,7 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
   [ @code{zonefile-sync} ( @kbd{integer} | @kbd{integer}(@code{s} | @code{m} | @code{h} | @code{d})@code{;} ) ]
   [ @code{ixfr-fslimit} ( @kbd{integer} | @kbd{integer}(@code{k} | @code{M} | @code{G}) )@code{;} ]
   [ @code{ixfr-from-differences} @kbd{boolean}@code{;} ]
+  [ @code{dnssec-keydir} @code{"}@kbd{string}@code{"}@code{;} ]
   [ @code{dnssec-enable} ( @code{on} | @code{off} )@code{;} ]
   [ @code{signature-lifetime} ( @kbd{integer} | @kbd{integer}(@code{s} | @code{m} | @code{h} | @code{d})@code{;} ) ]
 @end example
@@ -748,6 +733,7 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
 * notify-in::
 * notify-out::
 * update-in::
+* storage::
 * semantic-checks::
 * ixfr-from-differences::
 * disable-any::
@@ -755,8 +741,8 @@ The @code{zones} statement contains definition of zones served by Knot DNS.
 * notify-retries::
 * zonefile-sync::
 * ixfr-fslimit::
-* dnssec-enable::
 * dnssec-keydir::
+* dnssec-enable::
 * signature-lifetime::
 @end menu
 
@@ -809,6 +795,28 @@ Remotes are defined in @code{remotes} section of configuration file (@pxref{remo
 In @code{update-in} statement user specifies which remotes will be permitted to perform a DNS UPDATE.
 Remotes are defined in @code{remotes} section of configuration file (@pxref{remotes}).
 
+@node storage
+@subsubsection storage
+@vindex storage
+
+The working directory of Knot DNS, it is used to store zone files and journal files.
+
+If it is set in an invidiual @code{zone} config section, it can be specified as a relative path to @code{storage}.
+
+Default value (in @code{zones} section): @file{$@{localstatedir@}/lib/knot}, configured with @code{--with-storage=path}
+
+Default value (in @code{zone} config): inherited from @code{zones} section.
+
+@example
+zones @{
+  storage "/var/lib/knot";
+  example.com @{
+    storage "com";
+    file "example.com"; # /var/lib/knot/com/example.com
+  @}
+@}
+@end example
+
 @node semantic-checks
 @subsubsection semantic-checks
 @vindex semantic-checks
@@ -876,7 +884,7 @@ Default value (in @code{zone} config): inherited from @code{zones} section
 @subsubsection dnssec-keydir
 @vindex dnssec-keydir
 
-Location of DNSSEC signing keys.
+Location of DNSSEC signing keys. Can be specified as a relative path to @code{storage}.
 
 Default value: not set
 
@@ -904,6 +912,7 @@ Default value: @kbd{30d} (@kbd{2592000})
 zones @{
 
   # Shared options for all listed zones
+  storage "/var/lib/knot";
   ixfr-from-differences off;
   semantic-checks off;
   disable-any off;
@@ -915,13 +924,15 @@ zones @{
   dnssec-keydir "keys";
   signature-lifetime 60d;
   example.com @{
-    file "samples/example.com.zone";
+    storage "samples";
+    file "example.com.zone";
     ixfr-from-differences off; #experimental
     disable-any off;
     semantic-checks on;
     notify-timeout 60;
     notify-retries 5;
     zonefile-sync 1h;
+    dnssec-keydir "keys";
     dnssec-enable off;
     signature-lifetime 30d;
     xfr-in server0;
diff --git a/man/knot.conf.5.in b/man/knot.conf.5.in
index 7e85e43c67..869cb7a63d 100644
--- a/man/knot.conf.5.in
+++ b/man/knot.conf.5.in
@@ -38,10 +38,6 @@ serves as an example of the configuration for knotc(8) and knotd(8).
   # Or on|off. When 'on', FQDN hostname will be used as default.
   nsid off;
 
-  # This is a default directory to place slave zone files, journals etc.
-  # default: ${localstatedir}/lib/knot, configured with --with-storage
-  storage "/var/lib/knot";
-
   # Directory for storing run-time data
   # e.g. PID file and control sockets
   # default: ${localstatedir}/run/knot, configured with --with-rundir
@@ -217,6 +213,10 @@ serves as an example of the configuration for knotc(8) and knotd(8).
   # Shared options for all listed zones
   #
 
+  # This is a default directory to place slave zone files, journals etc.
+  # default: ${localstatedir}/lib/knot, configured with --with-storage
+  storage "/var/lib/knot";
+
   # Build differences from zone file changes. EXPERIMENTAL feature.
   # Possible values: on|off
   # Default value: off
@@ -279,6 +279,10 @@ serves as an example of the configuration for knotc(8) and knotd(8).
   #
   # Format: <zone-name> { file "<path-to-zone-file>"; }
   example.com {  # <zone-name> is the DNS name of the zone (zone root)
+    # Zone specific storage directory (relative to storage in zones section).
+    # default: inherited from zones section
+    storage "example.com";
+
     # <path-to-zone-file> may be either absolute or relative, in which case
     #   it is considered relative to the current directory from which the server
     #   was started.
@@ -323,6 +327,10 @@ serves as an example of the configuration for knotc(8) and knotd(8).
     # f.e. 1k, 100M, 2G
     ixfr-fslimit 1G;
 
+    # Location of DNSSEC signing keys (relative storage directory in zone).
+    # Default value: inherited from zones section
+    dnssec-keydir "keys";
+
     # Enable DNSSEC online signing (EXPERIMENTAL)
     # Possible values: on | off;
     # Default value: inherited from zones section
diff --git a/samples/knot.full.conf b/samples/knot.full.conf
index c334b975fb..6b6a9d65d0 100644
--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -32,10 +32,6 @@ system {
   # Or on|off. When 'on', FQDN hostname will be used as default.
   nsid off;
 
-  # This is a default directory to place slave zone files, journals etc.
-  # default: ${localstatedir}/lib/knot, configured with --with-storage
-  storage "/var/lib/knot";
-
   # Directory for storing run-time data
   # e.g. PID file and control sockets
   # default: ${localstatedir}/run/knot, configured with --with-rundir
@@ -211,6 +207,10 @@ zones {
   # Shared options for all listed zones
   #
 
+  # This is a default directory to place slave zone files, journals etc.
+  # default: ${localstatedir}/lib/knot, configured with --with-storage
+  storage "/var/lib/knot";
+
   # Build differences from zone file changes. EXPERIMENTAL feature.
   # Possible values: on|off
   # Default value: off
@@ -273,6 +273,10 @@ zones {
   #
   # Format: <zone-name> { file "<path-to-zone-file>"; }
   example.com {  # <zone-name> is the DNS name of the zone (zone root)
+    # Zone specific storage directory (relative to storage in zones section).
+    # default: inherited from zones section
+    storage "example.com";
+
     # <path-to-zone-file> may be either absolute or relative, in which case
     #   it is considered relative to the current directory from which the server
     #   was started.
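Review bot: The context comment directly below the new `storage "example.com";` line still says a relative `<path-to-zone-file>` is resolved against the directory the server was started from. That appears to contradict the per-zone storage behaviour documented in doc/reference.texi in this same commit, where `file "example.com"` under `storage "com"` resolves to `/var/lib/knot/com/example.com`. If the reference text is right, the comment should read along the lines of `# <path-to-zone-file> may be either absolute or relative, in which case it is considered relative to the zone's storage directory.` The same stale sentence sits under the matching hunk in man/knot.conf.5.in. The comment continues past the end of this hunk, so the rest of it should be checked as well.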
@@ -317,10 +321,14 @@ zones {
     # f.e. 1k, 100M, 2G
     ixfr-fslimit 1G;
 
+    # Location of DNSSEC signing keys (relative storage directory in zone).
+    # Default value: inherited from zones section
+    dnssec-keydir "keys";
+
     # Enable DNSSEC online signing (EXPERIMENTAL)
     # Possible values: on | off;
     # Default value: inherited from zones section
-    # dnssec-enable on;
+    dnssec-enable off;
 
     # Validity period for DNSSEC signatures
     # Possible values: <10801..INT_MAX> (seconds)
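Review bot: The new comment on `dnssec-keydir` says "relative storage directory in zone", which is ambiguous. `# Location of DNSSEC signing keys (relative to the zone's storage directory).` would match the wording in doc/reference.texi. A relative key directory now lands inside the storage tree that also holds zone files and journals, so the sample should carry a caveat such as `# Contains private signing keys; restrict access to the user the server runs as.` The identical comment is added in man/knot.conf.5.in. The enclosing `example.com` block starts and ends outside this hunk.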
diff --git a/samples/knot.sample.conf.in b/samples/knot.sample.conf.in
index f16925cc3b..956e8a9b1e 100644
--- a/samples/knot.sample.conf.in
+++ b/samples/knot.sample.conf.in
@@ -16,10 +16,6 @@ system {
   # May also specify user.group (e.g. knot.knot)
   user knot.knot;
 
-  # This is a default directory to place slave zone files, journals etc.
-  # default: ${localstatedir}/lib/knot, configured with --with-storage
-  # storage "@storage_dir@";
-
   # Directory for storing run-time data
   # e.g. PID file and control sockets
   # default: ${localstatedir}/run/knot, configured with --with-rundir
@@ -62,6 +58,10 @@ control {
 #}
 
 zones {
+#  This is a default directory to place slave zone files, journals etc.
+#  default: ${localstatedir}/lib/knot, configured with --with-storage
+#  storage "@storage_dir@";
+#
 #  Example master zone
 #  example.com {
 #    file "@config_dir@/example.com.zone";
-- 
GitLab