# NixOS module: runs BIND as the primary (master) server for the local
# forward/reverse zones listed below and forwards other queries upstream.
{
  globals,
  inputs,
  pkgs,
  ...
}:
let
  inherit (inputs) dns;

  # Render one zone to a "db.<zone>" text file in the Nix store.
  # `src` is a Nix file that is imported with `dns` and `globals`; its result
  # is serialised with dns.lib.toString. Store paths are world-readable on
  # the host, so zone sources should not carry secrets.
  mkZoneFile =
    zone: src:
    let
      zoneData = import src { inherit dns globals; };
    in
    pkgs.writeText "db.${zone}" (dns.lib.toString zone zoneData);

  # Build a services.bind.zones entry for a zone this host is primary for.
  mkPrimaryZone =
    { name, src }:
    {
      inherit name;
      master = true;
      file = mkZoneFile name src;
    };

  # Zone name -> Nix source of its records, in the order they are declared.
  zoneSources = [
    # sbr.pm zone
    {
      name = "sbr.pm";
      src = ./dns/sbr.pm.nix;
    }
    # home zone
    {
      name = "home";
      src = ./dns/home.nix;
    }
    # home reverse zone
    {
      name = "192.168.1.in-addr.arpa";
      src = ./dns/192.168.1.nix;
    }
    # vpn zone
    {
      name = "vpn";
      src = ./dns/vpn.nix;
    }
    # vpn reverse zone
    {
      name = "10.100.0.in-addr.arpa";
      src = ./dns/10.100.0.nix;
    }
  ];
in
{
  services.bind = {
    enable = true;

    # Queries that the local zones do not answer are sent to these public
    # resolvers, so the upstream operator sees the names clients look up.
    forwarders = [
      "8.8.8.8"
      "8.8.4.4"
    ];

    # NOTE(review): DNSSEC validation is switched off, so forwarded answers
    # are accepted without signature checks and a spoofed or tampered
    # upstream response would be cached and served to clients.
    # `dnssec-validation auto;` is the validating alternative; test it
    # against the unsigned private zones (home, vpn) before switching.
    extraOptions = ''
      dnssec-validation no;
    '';

    # Networks allowed to use this server as a recursive resolver.
    # globals.net.dns.cacheNetworks is defined outside this file: confirm it
    # lists only internal ranges, otherwise this becomes an open resolver.
    cacheNetworks = [ "127.0.0.0/8" ] ++ globals.net.dns.cacheNetworks;

    # NOTE(review): no per-zone allowQuery is set here, so who may query the
    # internal zones (home, vpn and their reverse zones) depends on the
    # module default and on the firewall; verify they are not reachable
    # from untrusted networks.
    zones = map mkPrimaryZone zoneSources;
  };
}