{ config, ... }:
# NixOS module: an authoritative BIND instance for a single zone whose
# records may be changed through TSIG-keyed dynamic updates.
let
  # Zone name. Hard-coded here; the commented line below would derive it
  # from the host's configured fqdn instead.
  fqdn = "tuxcord.net";
  # fqdn = config.networking.fqdn;

  # Helpers rendering the "rule type" field of a BIND update-policy grant.
  # `zonesub` ignores its argument (names anywhere under the zone);
  # `subdomain` renders "subdomain <name>". Only `zonesub` is used below.
  zonesub = _: "zonesub";
  subdomain = name: "subdomain ${name}";

  # careful, assumes the fqdn (name) matches the key name content
  # One entry per update key:
  #   name - identity written into the grant statement; must equal the key
  #          name declared inside the secret file, or the grant never matches
  #   path - agenix-managed secret file that is `include`d into named.conf
  #   type - one of the helpers above, applied to `name`
  keys = [
    {
      name = "tuxcord.net";
      path = config.age.secrets.dns-root-key.path;
      type = zonesub;
    }
  ];
in
{
  services.bind = {
    enable = true;

    # Global config: one `include "<path>";` line per key so named reads
    # the key definitions from the secret files.
    # NOTE(review): named must be able to read each secret path at runtime —
    # confirm the owner/mode of the agenix secret.
    extraConfig = builtins.concatStringsSep "\n" (map (key: "include \"${key.path}\";") keys);

    zones = {
      "${fqdn}" = {
        # grant "tuxcord.net" zonesub ANY;
        # Renders one grant per key. With the key above this yields
        # `grant "tuxcord.net" zonesub ANY;`: the holder of that key may
        # update records of any type (ANY) under any name in the zone.
        extraConfig = ''
          update-policy {
          ${builtins.concatStringsSep "\n" (
          map (key: "grant \"${key.name}\" ${key.type key.name} ANY;") keys
          )}
          };
        '';
        # Zone file lives under the persisted directory declared below.
        file = "/var/dns/${fqdn}.zone"; # need to put default stuff
        master = true;
      };
    };
  };

  # Expose the BIND listen port on both transports.
  networking.firewall.allowedTCPPorts = [ config.services.bind.listenOnPort ];
  networking.firewall.allowedUDPPorts = [ config.services.bind.listenOnPort ];

  # Keep the zone directory across reboots, owned by the named user/group
  # so dynamic updates can rewrite the zone file.
  environment.persistence."/persist" = {
    directories = [
      {
        directory = "/var/dns";
        group = "named";
        user = "named";
      }
    ];
  };
}