treewide: refactor code

2026-05-03 18:08:13 -04:00
parent 89a0e5cf44
commit eec985f739
4 changed files with 46 additions and 40 deletions
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  self,
+  ...
+}:
 let
  cfg = config.dns;

@@ -20,24 +25,17 @@ let
      subdomain = name: "subdomain ${name}";

      zoneDomain =
-        if lib.strings.hasSuffix ".key.age" filename then
-          lib.strings.removeSuffix ".key.age" filename
+        if strings.hasSuffix ".key.age" filename then
+          strings.removeSuffix ".key.age" filename
        else
          throw "${filename} is not a `.key.age` file";
    in
    {
+      inherit (config.age.secrets."dns/${filename}") path;
      name = zoneDomain;
-      path = config.age.secrets."dns/${filename}".path;
      type = if zoneDomain == fqdn then zonesub else subdomain;
    }
  ) agenixKeys;
-
-  cfg = config.dns;
-  inherit (lib)
-    mkEnableOption
-    mkOption
-    mkIf
-    ;
 in
 {
  options.dns = {
@@ -70,25 +68,20 @@ in

      extraConfig = builtins.concatStringsSep "\n" (map (key: "include \"${key.path}\";") keys);

-      zones = {
-        "${fqdn}" = {
-          # grant "tuxcord.net" zonesub ANY;
-          extraConfig = ''
-            update-policy {
-              ${builtins.concatStringsSep "\n" (
-                map (key: "grant \"${key.name}\" ${key.type key.name} ANY;") keys
-              )}
-            };
-          '';
-          file = "/var/dns/${fqdn}.zone"; # need to put default stuff
-          master = true;
-        };
+      zones."${fqdn}" = {
+        # grant "tuxcord.net" zonesub ANY;
+        extraConfig = ''
+          update-policy {
+            ${builtins.concatStringsSep "\n" (
+              map (key: "grant \"${key.name}\" ${key.type key.name} ANY;") keys
+            )}
+          };
+        '';
+        file = "/var/dns/${fqdn}.zone"; # need to put default stuff
+        master = true;
      };
    };

-    networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];
-    networking.firewall.allowedUDPPorts = [ config.services.bind.listenOnPort ];
-
    environment.persistence."/persist" = {
      directories = [
        {
@@ -98,5 +91,8 @@ in
        }
      ];
    };
+
+    networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];
+    networking.firewall.allowedUDPPorts = [ config.services.bind.listenOnPort ];
  };
 }