mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-11-26 10:06:13 +01:00
066ea797a5
Signed-off-by: magic_rb <magic_rb@redalder.org>
89 lines
1.7 KiB
Nix
89 lines
1.7 KiB
Nix
{
|
|
lib,
|
|
pkgs,
|
|
secret,
|
|
...
|
|
}: let
|
|
inherit
|
|
(lib)
|
|
concatMapStringsSep
|
|
;
|
|
|
|
loggingConfig = ''
|
|
logging {
|
|
${concatMapStringsSep "\n" (x: ''
|
|
channel ${x}_file {
|
|
file "/var/log/named/${x}.log" versions 3 size 5m;
|
|
severity dynamic;
|
|
print-time yes;
|
|
};
|
|
category ${x} { ${x}_file; };
|
|
'') [
|
|
"default"
|
|
"database"
|
|
"security"
|
|
"config"
|
|
"resolver"
|
|
"xfer-in"
|
|
"xfer-out"
|
|
"notify"
|
|
"client"
|
|
"unmatched"
|
|
"queries"
|
|
"network"
|
|
"update"
|
|
"network"
|
|
"dispatch"
|
|
"dnssec"
|
|
"lame-servers"
|
|
]}
|
|
};
|
|
'';
|
|
in {
|
|
systemd.tmpfiles.rules = [
|
|
"d /var/log/named 0750 named named - -"
|
|
];
|
|
|
|
services.bind = {
|
|
enable = true;
|
|
forward = "only";
|
|
forwarders = [
|
|
"127.0.0.1 port 5353"
|
|
];
|
|
|
|
directory = "/var/lib/bind";
|
|
zones = {
|
|
"in.redalder.org" = {
|
|
file = ./zones/in.redalder.org.zone;
|
|
master = true;
|
|
};
|
|
"hosts.in.redalder.org" = {
|
|
file = ./zones/hosts.in.redalder.org.zone;
|
|
master = true;
|
|
};
|
|
};
|
|
|
|
cacheNetworks = [
|
|
"127.0.0.0/8"
|
|
(secret.network.networks.home.wireless or "")
|
|
(secret.network.networks.home.mine or "")
|
|
"10.64.99.0/24"
|
|
(secret.network.networks.home.amsterdam or "")
|
|
(secret.network.networks.vpn or "")
|
|
"172.26.64.0/20"
|
|
"10.64.48.0/21"
|
|
"172.26.96.0/24"
|
|
"172.26.80.0/20"
|
|
];
|
|
extraConfig = loggingConfig;
|
|
extraOptions = ''
|
|
# recursion yes;
|
|
dnssec-validation auto;
|
|
'';
|
|
};
|
|
|
|
systemd.services.bind = {
|
|
before = ["network-online.target"];
|
|
};
|
|
}
|