nixos-config/config/service/dns.nix

{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  domain-name = config.instance.local-domain;
  domain = config.fudo.domains.${domain-name};

  served-domain = domain.primary-nameserver != null;

  is-primary-nameserver = hostname == domain.primary-nameserver;

  primary-nameserver = domain.primary-nameserver;
  primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver;

in {
  config = mkIf (served-domain) {
    fudo.dns = {
      enable = is-primary-nameserver;

      identity = "${hostname}.${domain-name}.";

      nameservers = {
        ns1 = {
          ipv4-address = primary-nameserver-ip;
          description = "Primary ${domain-name} nameserver";
        };
      };

      listen-ips = optionals is-primary-nameserver
        (pkgs.lib.network.host-ips config hostname);

      domains = {
        ${domain-name} = {
          dnssec = true;
          default-host = primary-nameserver-ip;
          gssapi-realm = domain.gssapi-realm;
          mx = optional (domain.primary-mailserver != null)
            domain.primary-mailserver;
          dmarc-report-address = "dmarc-report@${domain-name}";

          zone-definition = let
            zone = config.fudo.zones.${domain-name};

            make-dns-srv-record = hostname: {
              port = 53;
              host = hostname;
            };
          in zone // {
            srv-records = {
              tcp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];
              udp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];
            };
          };
        };
      };
    };
  };
}
Mostly stuff for selby forum 2021-12-18 12:10:42 -08:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`domain-name = config.instance.local-domain;`
			`domain = config.fudo.domains.${domain-name};`

			`served-domain = domain.primary-nameserver != null;`

			`is-primary-nameserver = hostname == domain.primary-nameserver;`

			`primary-nameserver = domain.primary-nameserver;`
			`primary-nameserver-ip = pkgs.lib.network.host-ipv4 config primary-nameserver;`

			`in {`
			`config = mkIf (served-domain) {`
			`fudo.dns = {`
			`enable = is-primary-nameserver;`

			`identity = "${hostname}.${domain-name}.";`

			`nameservers = {`
			`ns1 = {`
			`ipv4-address = primary-nameserver-ip;`
			`description = "Primary ${domain-name} nameserver";`
			`};`
			`};`

			`listen-ips = optionals is-primary-nameserver`
			`(pkgs.lib.network.host-ips config hostname);`

			`domains = {`
			`${domain-name} = {`
			`dnssec = true;`
			`default-host = primary-nameserver-ip;`
			`gssapi-realm = domain.gssapi-realm;`
			`mx = optional (domain.primary-mailserver != null)`
			`domain.primary-mailserver;`
			`dmarc-report-address = "dmarc-report@${domain-name}";`

			`zone-definition = let`
			`zone = config.fudo.zones.${domain-name};`

			`make-dns-srv-record = hostname: {`
			`port = 53;`
			`host = hostname;`
			`};`
			`in zone // {`
			`srv-records = {`
			`tcp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];`
			`udp.domain = map make-dns-srv-record [ "ns1.${domain-name}" ];`
			`};`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`