From 1671cece1cde85578be9aee9c84b0ff7a0793c76 Mon Sep 17 00:00:00 2001
From: niten <niten@fudo.org>
Date: Sun, 19 Nov 2023 17:48:23 -0800
Subject: [PATCH] Take a list of domains for which we're secondary

---
 authoritative-dns.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/authoritative-dns.nix b/authoritative-dns.nix
index 93ac0e7..e2e913e 100644
--- a/authoritative-dns.nix
+++ b/authoritative-dns.nix
@@ -94,6 +94,12 @@ in {
         "Map of IP address to authoritative hostname. Unneeded hosts will be ignored.";
       default = { };
     };
+
+    mirrored-domains = mkOption {
+      type = attrsOf str;
+      description = "Map of domain name to primary server IP.";
+      default = { };
+    };
   };
 
   imports = [ ./nsd.nix ];
@@ -129,6 +135,10 @@ in {
               ipHostMap = cfg.ip-host-map;
               serial = cfg.timestamp;
             }) reverse-zones)) cfg.domains;
+        secondaryZones = mapAttrs (domain: masterIp: {
+          allowNotify = "${masterIp}/32";
+          requestXFR = "AXFR ${masterIp} NOKEY";
+        }) cfg.mirrored-domains;
       in forwardZones // reverseZones;
     };
   };