# NixOS module configuring BIND (services.bind): it serves the zones listed
# below as master and forwards other queries to the configured forwarders.
{
  globals,
  inputs,
  pkgs,
  ...
}:
let
  dns = inputs.dns;

  # Evaluate the zone definition in `zoneFile` (called with `dns` and
  # `globals`), render it to text with dns.lib.toString and write the result
  # to the Nix store as "db.<zoneName>". Returns the store path.
  mkZoneFile =
    zoneName: zoneFile:
    let
      zoneData = import zoneFile { inherit dns globals; };
      zoneText = dns.lib.toString zoneName zoneData;
    in
    pkgs.writeText "db.${zoneName}" zoneText;

  # Build one master zone entry whose file is generated from `zoneFile`.
  mkMasterZone = name: zoneFile: {
    inherit name;
    master = true;
    file = mkZoneFile name zoneFile;
  };
in
{
  services.bind = {
    enable = true;

    # NOTE(review): queries for names outside the local zones are forwarded
    # to these public resolvers as ordinary DNS, so the upstream operator and
    # the network path can observe them.
    forwarders = [
      "8.8.8.8"
      "8.8.4.4"
    ];

    # NOTE(review): with validation off, BIND does not check DNSSEC
    # signatures on answers it receives from the forwarders, so a forged or
    # altered answer for a signed domain is cached and handed to clients.
    # Consider `dnssec-validation auto;` here. The zones below are served
    # from local data and should not need validation to resolve; confirm
    # before changing.
    extraOptions = ''
      dnssec-validation no;
    '';

    # Statistics channel: listens on loopback only and accepts only
    # 127.0.0.1, so it is reachable by local processes but not from the
    # network.
    extraConfig = ''
      statistics-channels {
        inet 127.0.0.1 port 8053 allow { 127.0.0.1; };
      };
    '';

    # Networks allowed to use this server as a recursive resolver. Everything
    # except loopback comes from globals.net.dns.cacheNetworks, which is not
    # visible here.
    # NOTE(review): verify that list holds only internal ranges; a public
    # range would make this an open resolver.
    cacheNetworks = [ "127.0.0.0/8" ] ++ globals.net.dns.cacheNetworks;

    # Order is kept as in the original list.
    # NOTE(review): no per-zone allowQuery is set, so the module default
    # applies; if that default is "any", the internal zones (home, vpn and
    # both reverse zones) answer whoever can reach this server. Verify
    # against the firewall or restrict them per zone.
    zones = [
      # sbr.pm zone
      (mkMasterZone "sbr.pm" ./dns/sbr.pm.nix)
      # home zone
      (mkMasterZone "home" ./dns/home.nix)
      # home reverse zone
      (mkMasterZone "192.168.1.in-addr.arpa" ./dns/192.168.1.nix)
      # demeester.fr zone
      (mkMasterZone "demeester.fr" ./dns/demeester.fr.nix)
      # vpn zone
      (mkMasterZone "vpn" ./dns/vpn.nix)
      # vpn reverse zone
      (mkMasterZone "10.100.0.in-addr.arpa" ./dns/10.100.0.nix)
    ];
  };
}