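{ config, lib, pkgs, ... }:

# Makes the host that is configured as primary nameserver for its local domain
# the authoritative DNS server for that domain (through `fudo.dns`). On every
# other host `is-primary` is false and this module contributes nothing.

let
  # Pull in only the two lib helpers this module uses instead of `with lib;`,
  # so it is obvious where `mkIf` and `optional` come from.
  inherit (lib) mkIf optional;

  # This machine's name and the local domain it belongs to.
  hostname = config.instance.hostname;
  domain = config.instance.local-domain;

  # Per-domain settings (primary nameserver, primary mailserver, GSSAPI realm).
  cfg = config.fudo.domains.${domain};

  # A domain with no primary nameserver is not served by this module.
  served-domain = cfg.primary-nameserver != null;

  # Only the host named as primary nameserver enables fudo.dns below.
  is-primary = served-domain && hostname == cfg.primary-nameserver;

  # Build one SRV record entry ({ port; host; }). The second parameter is
  # called `host`, not `hostname`, so it does not shadow the machine hostname.
  create-srv-record = port: host: { inherit port host; };

  # The single record both SRV entries below point at: ns1 on port 53.
  ns1-srv-record = create-srv-record 53 "ns1.${domain}";

in {
  config = {
    fudo.dns = mkIf is-primary (let
      # This host's addresses, resolved from the instance network data.
      primary-ip = pkgs.lib.network.host-ipv4 config hostname;
      all-ips = pkgs.lib.network.host-ips config hostname;
    in {
      enable = true;
      identity = "${hostname}.${domain}";

      nameservers = {
        ns1 = {
          ipv4-address = primary-ip;
          description = "Primary ${domain} nameserver";
        };
      };

      # Deliberately leaving out localhost so the primary nameserver
      # can use a custom recursor.
      # NOTE(review): this binds on every address `host-ips` returns, so port
      # 53 is reachable from wherever those addresses are routable. Whether the
      # server also answers recursive queries on them is decided inside
      # fudo.dns, not here -- confirm recursion is disabled or restricted so
      # this does not become an open resolver (reflection/amplification).
      listen-ips = all-ips;

      domains = {
        ${domain} = {
          # Request DNSSEC signing of the zone. Key generation and rollover
          # are not configured in this file.
          dnssec = true;
          default-host = primary-ip;
          # Realm handed to fudo.dns (presumably for GSS-TSIG authenticated
          # updates -- the consumer is not visible here).
          gssapi-realm = cfg.gssapi-realm;

          # Publish an MX record only when a primary mailserver is configured.
          mx = optional (cfg.primary-mailserver != null) cfg.primary-mailserver;

          # TODO: nothing here guarantees a dmarc-report mailbox exists, and
          # the address is emitted even when no mailserver is configured, so
          # DMARC aggregate reports may simply bounce.
          dmarc-report-address = "dmarc-report@${domain}";

          # Start from the zone declared in fudo.zones and add SRV records
          # advertising ns1 as the domain's nameserver over TCP and UDP.
          # NOTE: `//` is a shallow merge -- any `srv-records` already present
          # in config.fudo.zones.${domain} are replaced wholesale, not merged.
          zone-definition = let
            zone = config.fudo.zones.${domain};
          in zone // {
            srv-records = {
              tcp.domain = [ ns1-srv-record ];
              udp.domain = [ ns1-srv-record ];
            };
          };
        };
      };
    });
  };
}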