Cmon just fucking work already
parent
b12c284060
commit
205e418519
@ -69,21 +69,21 @@ in {
|
|||||||
imports = [ ./nsd.nix ];
|
imports = [ ./nsd.nix ];
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
# services.fudo-nsd = {
|
services.fudo-nsd = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# identity = cfg.identity;
|
identity = cfg.identity;
|
||||||
# interfaces = cfg.listen-ips;
|
interfaces = cfg.listen-ips;
|
||||||
# stateDirectory = cfg.state-directory;
|
stateDirectory = cfg.state-directory;
|
||||||
# zones = mapAttrs' (dom: domCfg:
|
zones = mapAttrs' (dom: domCfg:
|
||||||
# let zoneCfg = domCfg.zone;
|
let zoneCfg = domCfg.zone;
|
||||||
# in nameValuePair "${dom}." {
|
in nameValuePair "${dom}." {
|
||||||
# dnssec = zoneCfg.ksk.key-file != null;
|
dnssec = zoneCfg.ksk.key-file != null;
|
||||||
# ksk.keyFile =
|
ksk.keyFile =
|
||||||
# mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
|
mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
|
||||||
# data = let
|
data = let
|
||||||
# content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
|
content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
|
||||||
# in trace content content;
|
in trace content content;
|
||||||
# }) cfg.domains;
|
}) cfg.domains;
|
||||||
# };
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
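Review bot: The re-enabled `zones` definition still ends with `in trace content content;`, which looks like a debugging leftover. Assuming `trace` here is `lib.trace`/`builtins.trace`, every evaluation prints the full generated zonefile for each domain to stderr, so internal host names and addresses end up in rebuild and CI logs. Dropping the wrapper, `data = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;`, gives the same value without the output. Separately, `ksk.keyFile` is fed from `zoneCfg.ksk.key-file`, whose option type is not visible in this hunk; if it accepts a Nix path literal, the DNSSEC key would be copied into the world-readable store, so it is worth confirming it is a string path to a file outside the store with restrictive permissions. The enclosing module starts above the hunk.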
16
nsd.nix
16
nsd.nix
@ -506,13 +506,6 @@ let
|
|||||||
${stateDir}/zones/${name}.signed &&
|
${stateDir}/zones/${name}.signed &&
|
||||||
mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
|
mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
|
||||||
'';
|
'';
|
||||||
# signZone = name: zone: ''
|
|
||||||
# ${dnssecTools}/bin/dnssec-keymgr -g ${dnssecTools}/bin/dnssec-keygen -s ${dnssecTools}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${
|
|
||||||
# policyFile name zone.dnssecPolicy
|
|
||||||
# } ${name}
|
|
||||||
# ${dnssecTools}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
|
|
||||||
# ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
|
|
||||||
# '';
|
|
||||||
policyFile = name: policy:
|
policyFile = name: policy:
|
||||||
pkgs.writeText "${name}.policy" ''
|
pkgs.writeText "${name}.policy" ''
|
||||||
zone ${name} {
|
zone ${name} {
|
||||||
@ -530,7 +523,6 @@ let
|
|||||||
};
|
};
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
# options are ordered alphanumerically
|
|
||||||
options.services.fudo-nsd = {
|
options.services.fudo-nsd = {
|
||||||
|
|
||||||
enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");
|
enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");
|
||||||
@ -930,7 +922,7 @@ in {
|
|||||||
@ IN SOA a.ns.example.com. admin.example.com. (
|
@ IN SOA a.ns.example.com. admin.example.com. (
|
||||||
...
|
...
|
||||||
''';
|
''';
|
||||||
};
|
};
|
||||||
"example.org." = {
|
"example.org." = {
|
||||||
data = '''
|
data = '''
|
||||||
$ORIGIN example.org.
|
$ORIGIN example.org.
|
||||||
@ -938,9 +930,9 @@ in {
|
|||||||
@ IN SOA a.ns.example.com. admin.example.com. (
|
@ IN SOA a.ns.example.com. admin.example.com. (
|
||||||
...
|
...
|
||||||
''';
|
''';
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"example.net." = {
|
"example.net." = {
|
||||||
provideXFR = [ "10.3.2.1 NOKEY" ];
|
provideXFR = [ "10.3.2.1 NOKEY" ];
|
||||||
@ -948,7 +940,7 @@ in {
|
|||||||
...
|
...
|
||||||
''';
|
''';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
description = lib.mdDoc ''
|
description = lib.mdDoc ''
|
||||||
Define your zones here. Zones can cascade other zones and therefore
|
Define your zones here. Zones can cascade other zones and therefore
|
||||||
|