From 78e90e159e62003f088f60847daefa1da7300a1c Mon Sep 17 00:00:00 2001
From: Julien Malka
Date: Wed, 14 Aug 2024 13:13:52 +0200
Subject: [PATCH] feat: deploy nsd on akhaten

---
 machines/akhaten/default.nix | 1 +
 machines/akhaten/nsd.nix | 60 ++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+)
 create mode 100644 machines/akhaten/nsd.nix

diff --git a/machines/akhaten/default.nix b/machines/akhaten/default.nix
index e85d073..e9a5944 100644
--- a/machines/akhaten/default.nix
+++ b/machines/akhaten/default.nix
@@ -4,6 +4,7 @@
 ./hardware.nix
 ./home-julien.nix
 ./stalwart.nix
+ ./nsd.nix
 ];
 
 machine.meta = {
diff --git a/machines/akhaten/nsd.nix b/machines/akhaten/nsd.nix
new file mode 100644
index 0000000..e655ed2
--- /dev/null
+++ b/machines/akhaten/nsd.nix
@@ -0,0 +1,60 @@
+{
+ config,
+ lib,
+ inputs,
+ nixosConfigurations,
+ ...
+}:
+let
+ zonesToList = lib.mapAttrsToList (name: value: { ${name} = value; });
+ zonesFromConfig = lib.mkMerge (
+ lib.fold (elem: acc: acc ++ (zonesToList elem.config.machine.meta.zones)) [ ] (
+ lib.attrValues nixosConfigurations
+ )
+ );
+ dnsLib = (import inputs.dns).lib;
+ evalZones =
+ zones:
+ (lib.evalModules {
+ modules = [
+ {
+ options = {
+ zones = lib.mkOption {
+ type = lib.types.attrsOf dnsLib.types.zone;
+ description = "DNS zones";
+ };
+ };
+ config = {
+ inherit zones;
+ };
+ }
+ ];
+ }).config.zones;
+
+ minimalZone = {
+ SOA = {
+ nameServer = "ns";
+ adminEmail = "dns@julienmalka.me";
+ serial = 0;
+ };
+ };
+
+in
+
+{
+ services.nsd = {
+ enable = true;
+ remoteControl.enable = true;
+ interfaces = [
+ config.machine.meta.ips.public.ipv4
+ config.machine.meta.ips.vpn.ipv4
+ ];
+ zones = lib.mapAttrs (name: _: {
+ requestXFR = [ "AXFR ${lib.snowfield.gustave.ips.vpn.ipv4} NOKEY" ];
+ allowNotify = [ "${lib.snowfield.gustave.ips.vpn.ipv4} NOKEY" ];
+ data = dnsLib.toString name minimalZone;
+ }) (evalZones zonesFromConfig);
+ };
+
+ networking.firewall.allowedUDPPorts = [ 53 ];
+}
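Review bot: Only UDP 53 is opened at the end of nsd.nix (`networking.firewall.allowedUDPPorts = [ 53 ];`) while the server is bound to the public address, so any client that retries over TCP after a truncated UDP answer, and any downstream transfer, will be dropped by the firewall; add `networking.firewall.allowedTCPPorts = [ 53 ];` beside it. Both `requestXFR` and `allowNotify` use `NOKEY`, so acceptance of NOTIFY and the integrity of the zone data pulled from gustave rest entirely on the source address of the VPN peer; a TSIG key declared through the module's `services.nsd.keys` option and referenced in place of `NOKEY` would authenticate both sides independently of the transport. `remoteControl.enable = true` presumably keeps the module's default loopback-only control interface, which is worth confirming since the public address is also listed in `interfaces`. The placeholder `minimalZone` with `serial = 0` deserves a one-line comment stating that it exists only so nsd has a local zone file before the first transfer and that any serial received from the primary supersedes it.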