···
services.knot.enable = true;
services.knot.extraArgs = [ "-v" ];
services.knot.keyFiles = [ tsigFile ];
63
-
services.knot.extraConfig = ''
63
+
services.knot.settings = {
69
+
automatic-acl = true;
71
-
address: 192.168.0.2@53
72
+
acl.secondary_acl = {
73
+
address = "192.168.0.2";
75
+
action = "transfer";
76
-
storage: ${knotZonesEnv}
79
-
# Input-only zone files
80
-
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3
81
-
# prevents modification of the zonefiles, since the zonefiles are immutable
83
-
zonefile-load: difference
84
-
journal-content: changes
85
-
# move databases below the state directory, because they need to be writable
86
-
journal-db: /var/lib/knot/journal
87
-
kasp-db: /var/lib/knot/kasp
88
-
timer-db: /var/lib/knot/timer
78
+
remote.secondary.address = "192.168.0.2@53";
91
-
- domain: example.com
92
-
file: example.com.zone
80
+
template.default = {
81
+
storage = knotZonesEnv;
82
+
notify = [ "secondary" ];
83
+
acl = [ "secondary_acl" ];
84
+
dnssec-signing = true;
85
+
# Input-only zone files
86
+
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-3
87
+
# prevents modification of the zonefiles, since the zonefiles are immutable
89
+
zonefile-load = "difference";
90
+
journal-content = "changes";
94
-
- domain: sub.example.com
95
-
file: sub.example.com.zone
94
+
"example.com".file = "example.com.zone";
95
+
"sub.example.com".file = "sub.example.com.zone";
98
+
log.syslog.any = "info";
secondary = { lib, ... }: {
···
services.knot.enable = true;
services.knot.keyFiles = [ tsigFile ];
services.knot.extraArgs = [ "-v" ];
116
-
services.knot.extraConfig = ''
120
-
automatic-acl: true
115
+
services.knot.settings = {
121
+
automatic-acl = true;
124
-
address: 192.168.0.1@53
125
+
address = "192.168.0.1@53";
130
-
# zonefileless setup
131
-
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2
133
-
zonefile-load: none
134
-
journal-content: all
135
-
# move databases below the state directory, because they need to be writable
136
-
journal-db: /var/lib/knot/journal
137
-
kasp-db: /var/lib/knot/kasp
138
-
timer-db: /var/lib/knot/timer
141
-
- domain: example.com
142
-
file: example.com.zone
129
+
template.default = {
130
+
master = "primary";
131
+
# zonefileless setup
132
+
# https://www.knot-dns.cz/docs/2.8/html/operation.html#example-2
133
+
zonefile-sync = "-1";
134
+
zonefile-load = "none";
135
+
journal-content = "all";
144
-
- domain: sub.example.com
145
-
file: sub.example.com.zone
139
+
"example.com".file = "example.com.zone";
140
+
"sub.example.com".file = "sub.example.com.zone";
143
+
log.syslog.any = "info";
client = { lib, nodes, ... }: {
pyrox.dev