public/authoritative-dns
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cmon just fucking work already

Browse Source
This commit is contained in:
niten 2023-10-05 13:20:54 -07:00
parent b12c284060
commit 205e418519
2 changed files with 20 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
authoritative-dns.nix
View File

@ -69,21 +69,21 @@ in {
imports = [ ./nsd.nix ];
config = mkIf cfg.enable {
# services.fudo-nsd = {
# enable = true;
# identity = cfg.identity;
# interfaces = cfg.listen-ips;
# stateDirectory = cfg.state-directory;
# zones = mapAttrs' (dom: domCfg:
# let zoneCfg = domCfg.zone;
# in nameValuePair "${dom}." {
# dnssec = zoneCfg.ksk.key-file != null;
# ksk.keyFile =
# mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
# data = let
# content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
# in trace content content;
# }) cfg.domains;
# };
services.fudo-nsd = {
enable = true;
identity = cfg.identity;
interfaces = cfg.listen-ips;
stateDirectory = cfg.state-directory;
zones = mapAttrs' (dom: domCfg:
let zoneCfg = domCfg.zone;
in nameValuePair "${dom}." {
dnssec = zoneCfg.ksk.key-file != null;
ksk.keyFile =
mkIf (zoneCfg.ksk.key-file != null) zoneCfg.ksk.key-file;
data = let
content = zoneToZonefile cfg.timestamp dom domCfg.zone-definition;
in trace content content;
}) cfg.domains;
};
};
}

8
nsd.nix
View File

@ -506,13 +506,6 @@ let
${stateDir}/zones/${name}.signed &&
mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
'';
# signZone = name: zone: ''
# ${dnssecTools}/bin/dnssec-keymgr -g ${dnssecTools}/bin/dnssec-keygen -s ${dnssecTools}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${
# policyFile name zone.dnssecPolicy
# } ${name}
# ${dnssecTools}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
# ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
# '';
policyFile = name: policy:
pkgs.writeText "${name}.policy" ''
zone ${name} {
@ -530,7 +523,6 @@ let
};
'';
in {
# options are ordered alphanumerically
options.services.fudo-nsd = {
enable = mkEnableOption (lib.mdDoc "NSD authoritative DNS server");