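{ currentSystem, nodes, config, lib, pkgs, ... }:

# Authoritative DNS served by BIND from zone data declared in the NixOS
# configuration of every node: each host declares `dns.zones`, and the host
# that enables this module serves the merged union of all of them.

with lib;

let
  cfg = config.dns;

in {

  options.dns = {
    enable = mkEnableOption "nix-powered DNS";

    # contains dns entries defined on the local host
    zones = mkOption {
      type        = lib.types.attrsOf pkgs.dns.lib.types.subzone;
      default     = {};
      description = "DNS records declared on this host; merged into `dns.allZones` on every node that enables the DNS server.";
    };

    # contains dns entries defined on the local host and on remote hosts, merged together
    allZones = mkOption {
      type        = lib.types.attrsOf pkgs.dns.lib.types.zone;
      default     = {};
      description = "All zones served by this host: the `dns.zones` of every node in `nodes`, merged.";
    };

    # zones not generated by nix-dns, for example secondaries
    extraZones = mkOption {
      type        = lib.types.listOf lib.types.attrs;
      default     = [];
      description = "Zone definitions passed through to `services.bind.zones` unchanged, e.g. zones this host serves as a secondary.";
    };

    # Address-match list of hosts allowed to request zone transfers (AXFR/IXFR)
    # for the generated zones; it is passed as `services.bind.zones.*.slaves`,
    # which the NixOS bind module renders as the zone's allow-transfer list.
    # The default keeps the previous behaviour of answering transfer requests
    # from anyone, which lets any client enumerate every record in the zone;
    # restrict it to the addresses of the actual secondaries where possible.
    allowTransfer = mkOption {
      type        = lib.types.listOf lib.types.str;
      default     = [ "any" ];
      description = "Hosts (BIND address-match list entries) permitted to transfer the generated zones. Defaults to \"any\"; narrow this to the secondaries' addresses to prevent zone enumeration.";
    };
  };

  config = mkIf cfg.enable {
    # the authoritative server answers on port 53 over both transports
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];

    # serve records defined in all host configs
    dns.allZones = mkMerge (
      mapAttrsToList (
        name: host: host.config.dns.zones
      ) nodes
    );

    # bind's working directory must exist and be owned by the service user
    systemd.services.bind.preStart = ''
      mkdir -p /var/lib/bind
      chown named /var/lib/bind
    '';

    services.bind = {
      enable = true;
      zones = (
        mapAttrsToList (
          name: zone: {
            inherit name;
            master = true;
            # who may pull this zone; see the `dns.allowTransfer` option above
            slaves = cfg.allowTransfer;
            file = pkgs.dns.util."${currentSystem}".writeZone name zone;
          }
        ) cfg.allZones
      ) ++ cfg.extraZones;
    };
  };

}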