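{ pkgs, config, lib, ... }:

let
  cfg = config.eilean.services.dns;
  bindDir = config.services.bind.directory;
  # Zone file as bind reads it: a writable copy under bindDir rather than a
  # read-only store path (the preStart below keeps that copy up to date).
  zonePath = zonename: "${bindDir}/${zonename}";
  # Zone file generated from the eilean zone description (a store path).
  zoneSource = zonename: zone:
    "${import ./zonefile.nix { inherit pkgs config lib zonename zone; }}/${zonename}";
in lib.mkIf (cfg.enable && cfg.server == "bind") {
  services.bind = {
    enable = true;
    # cacheNetworks is deliberately left at its default. Opening it to
    # 0.0.0.0/0 would make this host an open recursive resolver, which is
    # abusable for DNS amplification.
    # cacheNetworks = [ "0.0.0.0/0" ];
    zones = builtins.mapAttrs (zonename: zone: {
      master = true;
      file = zonePath zonename;
      # Hosts allowed to request AXFR zone transfers; localhost only.
      slaves = [ "127.0.0.1" ];
    }) cfg.zones;
  };

  # NOTE(review): presumably so bind can read files owned by the opendkim
  # group (the DKIM key directory is read in preStart) -- confirm.
  users.users.named.extraGroups = [ config.services.opendkim.group ];

  ### bind prestart: install zone files (zone + DKIM TXT records)
  systemd.services.bind.preStart = let
    dkimDir = config.mailserver.dkimKeyDirectory;
    installZone = zonename: zone:
      let
        zonefile = zoneSource zonename zone;
        path = zonePath zonename;
      in ''
        # Compare against what will actually be installed (zone file followed
        # by the DKIM TXT records). Comparing the bare zone file alone always
        # differs once the DKIM records have been appended, which would remove
        # the journal -- and so reset dynamic updates -- on every start.
        if ! cat "${zonefile}" "${dkimDir}"/*.txt | diff - "${path}" > /dev/null; then
          cp "${zonefile}" "${path}"
          cat "${dkimDir}"/*.txt >> "${path}"
          # remove journal file to avoid 'journal out of sync with zone'
          # NB this will reset dynamic updates
          rm -f "${path}.signed.jnl"
        fi
      '';
  in builtins.concatStringsSep "\n"
    (lib.attrsets.mapAttrsToList installZone cfg.zones);
}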