nixos-config/profiles/services/local_nameserver.nix

{ config, pkgs, environment, ... }:

let
  databaseName = "powerdns";
  userName = "powerdns";
  reverseIp = ip: builtins.concatStringsSep "." (lib.lists.reverseList(lib.strings.splitString "." ip));
  fullReverseIp = ip: "${reverseIp ip}.in-addr.arpa";
  hostRecord = domain_id: type: name: content: ''
        INSERT INTO records (domain_id, name, type, content) VALUES ($domain_id, '${name}', '${type}', '${content}');
      '';

in {
  environment = {
    systemPackages = with pkgs; [
      postgresql_11_gssapi
      powerdns
    ];
  };

  services.postgresql.users."${userName}" = {
    passwd = "some_junk";
    databases = ["${databaseName}"];
  };

  services.postgresql.databases."${databaseName} = {
      "${databaseName}" = ''
        CREATE TABLE domains (
          id                    SERIAL PRIMARY KEY,
          name                  VARCHAR(255) NOT NULL,
          master                VARCHAR(128) DEFAULT NULL,
          last_check            INT DEFAULT NULL,
          type                  VARCHAR(6) NOT NULL,
          notified_serial       INT DEFAULT NULL,
          account               VARCHAR(40) DEFAULT NULL,
          CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
        );

        CREATE UNIQUE INDEX name_index ON domains(name);


        CREATE TABLE records (
          id                    BIGSERIAL PRIMARY KEY,
          domain_id             INT DEFAULT NULL,
          name                  VARCHAR(255) DEFAULT NULL,
          type                  VARCHAR(10) DEFAULT NULL,
          content               VARCHAR(65535) DEFAULT NULL,
          ttl                   INT DEFAULT NULL,
          prio                  INT DEFAULT NULL,
          disabled              BOOL DEFAULT 'f',
          ordername             VARCHAR(255),
          auth                  BOOL DEFAULT 't',
          CONSTRAINT domain_exists
          FOREIGN KEY(domain_id) REFERENCES domains(id)
          ON DELETE CASCADE,
          CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
        );

        CREATE INDEX rec_name_index ON records(name);
        CREATE INDEX nametype_index ON records(name,type);
        CREATE INDEX domain_id ON records(domain_id);
        CREATE INDEX recordorder ON records (domain_id, ordername text_pattern_ops);


        CREATE TABLE supermasters (
          ip                    INET NOT NULL,
          nameserver            VARCHAR(255) NOT NULL,
          account               VARCHAR(40) NOT NULL,
          PRIMARY KEY(ip, nameserver)
        );


        CREATE TABLE comments (
          id                    SERIAL PRIMARY KEY,
          domain_id             INT NOT NULL,
          name                  VARCHAR(255) NOT NULL,
          type                  VARCHAR(10) NOT NULL,
          modified_at           INT NOT NULL,
          account               VARCHAR(40) DEFAULT NULL,
          comment               VARCHAR(65535) NOT NULL,
          CONSTRAINT domain_exists
          FOREIGN KEY(domain_id) REFERENCES domains(id)
          ON DELETE CASCADE,
          CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
        );

        CREATE INDEX comments_domain_id_idx ON comments (domain_id);
        CREATE INDEX comments_name_type_idx ON comments (name, type);
        CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);


        CREATE TABLE domainmetadata (
          id                    SERIAL PRIMARY KEY,
          domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
          kind                  VARCHAR(32),
          content               TEXT
        );

        CREATE INDEX domainidmetaindex ON domainmetadata(domain_id);


        CREATE TABLE cryptokeys (
          id                    SERIAL PRIMARY KEY,
          domain_id             INT REFERENCES domains(id) ON DELETE CASCADE,
          flags                 INT NOT NULL,
          active                BOOL,
          content               TEXT
        );

        CREATE INDEX domainidindex ON cryptokeys(domain_id);


        CREATE TABLE tsigkeys (
          id                    SERIAL PRIMARY KEY,
          name                  VARCHAR(255),
          algorithm             VARCHAR(50),
          secret                VARCHAR(255),
          CONSTRAINT c_lowercase_name CHECK (((name)::TEXT = LOWER((name)::TEXT)))
        );

        CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

        INSERT INTO domains (id, name, master, type) VALUES (1, '${config.fudo.localNetwork.domain}', '${config.fudo.localNetwork.masterNameServer.ip}', 'MASTER');
        INSERT INTO domains (id, name, master, type) VALUES (2, '${config.fudo.localNetwork.masterNameServer.ipReverseDomain}', '${config.fudo.localNetwork.masterNameServer.ip}', 'MASTER');

        ${hostRecord 1 "SOA" config.fudo.localDomain "${config.fudo.localNetwork.domain}. hostmaster.${config.fudo.localNetwork.domain}."}
        ${hostRecord 2 "SOA" config.fudo.masterNameServer.ipReverseDomain "${config.fudo.localNetwork.masterNameServer.ipReverseDomain} hostmaster.${config.fudo.localNetwork.domain}."}
        ${hostRecord 1 "NS" config.fudo.localNetwork.domain config.fudo.localNetwork.masterNameServer.ip}
        ${hostRecord 2 "NS" config.fudo.localNetwork.masterNameServer.ipReverseDomain config.fudo.localNetwork.masterNameServer.ip}

        ${builtins.concatStringsSep "\n" (lib.attrSets.mapAttrs (host: attrs: hostRecord 1 "A" host attrs.ipv4Address) config.fudo.localNetwork.hosts)}
        ${builtins.concatStringsSep "\n" (lib.attrSets.mapAttrs (host: attrs: hostRecord 2 "PTR" (fullReverseIp attrs.ipv4Address) host) config.fudo.localNetworkhosts)}
        ${builtins.concatStringsSep "\n" (lib.attrSets.mapAttrs (alias: host: hostRecord 1 "CNAME" alias host) config.fudo.localNetwork.hostAliases)}
      '';
    };
  };
}