parent
700fa49f93
commit
7699aaad79
|
@ -2248,6 +2248,42 @@
|
|||
};
|
||||
};
|
||||
|
||||
bind = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
description = "
|
||||
Whether to enable BIND domain name server.
|
||||
";
|
||||
};
|
||||
cacheNetworks = mkOption {
|
||||
default = ["127.0.0.0/24"];
|
||||
description = "
|
||||
What networks are allowed to use us as a resolver.
|
||||
";
|
||||
};
|
||||
blockedNetworks = mkOption {
|
||||
default = [];
|
||||
description = "
|
||||
What networks are just blocked.
|
||||
";
|
||||
};
|
||||
zones = mkOption {
|
||||
default = [];
|
||||
description = "
|
||||
List of zones we claim authority over.
|
||||
master=false means slave server; slaves means addresses
|
||||
who may request zone transfer.
|
||||
";
|
||||
example = [{
|
||||
name = "example.com";
|
||||
master = false;
|
||||
file = "/var/dns/example.com";
|
||||
masters = ["192.168.0.1"];
|
||||
slaves = [];
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
installer = {
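Review bot: The descriptions for `cacheNetworks` and `blockedNetworks` do not tell an operator which named.conf settings the values end up in. Going by the template added in this commit, `cacheNetworks` becomes the global `allow-query` ACL and `blockedNetworks` the `blackhole` ACL, so I would word them as `Networks allowed to query this server (named.conf allow-query); this also applies to queries for the zones listed in zones.` and `Networks whose queries are ignored entirely (named.conf blackhole).` The default `"127.0.0.0/24"` covers only 127.0.0.x rather than the whole loopback range; `"127.0.0.0/8"` is presumably what was meant. The enclosing option set starts and ends outside this hunk.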
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
{config, pkgs}:
|
||||
let
|
||||
startingDependency = if config.services.gw6c.enable then "gw6c" else "network-interfaces";
|
||||
cfg = config.services.bind;
|
||||
concatMapStrings = pkgs.lib.concatMapStrings;
|
||||
|
||||
namedConf =
|
||||
(''
|
||||
acl cachenetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} };
|
||||
acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} };
|
||||
|
||||
options {
|
||||
allow-query { cachenetworks; };
|
||||
blackhole { badnetworks; };
|
||||
forward first;
|
||||
forwarders { ${concatMapStrings (entry: " ${entry}; ") config.networking.nameservers} };
|
||||
directory "/var/run/named";
|
||||
pid-file "/var/run/named/named.pid";
|
||||
};
|
||||
|
||||
'')
|
||||
+
|
||||
(concatMapStrings
|
||||
(_entry:let entry={master=true;slaves=[];masters=[];}//_entry; in
|
||||
''
|
||||
zone "${entry.name}" {
|
||||
type ${if entry.master then "master" else "slave"};
|
||||
file "${entry.file}";
|
||||
${ if entry.master then
|
||||
''
|
||||
allow-transfer {
|
||||
${concatMapStrings (ip: ip+";\n") entry.slaves}
|
||||
};
|
||||
''
|
||||
else
|
||||
''
|
||||
masters {
|
||||
${concatMapStrings (ip: ip+";\n") entry.masters}
|
||||
};
|
||||
''
|
||||
}
|
||||
};
|
||||
''
|
||||
)
|
||||
cfg.zones
|
||||
)
|
||||
;
|
||||
|
||||
confFile = pkgs.writeText "named.conf" namedConf;
|
||||
|
||||
in
|
||||
{
|
||||
name = "bind";
|
||||
job = ''
|
||||
description "BIND name server job"
|
||||
|
||||
start script
|
||||
${pkgs.coreutils}/bin/mkdir -p /var/run/named
|
||||
end script
|
||||
|
||||
respawn ${pkgs.bind}/sbin/named -c ${confFile} -f
|
||||
'';
|
||||
}
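Review bot: The generated `options` block sets only `allow-query { cachenetworks; };`, so a single ACL governs both recursive lookups and answers for the authoritative zones in `cfg.zones`. An operator who wants those zones reachable from outside has to widen `cacheNetworks`, and as far as I can tell from BIND's defaults (recursion access falls back to `allow-query` when nothing else is set) that also opens recursion and forwarding to the same clients, leaving an open resolver exposed to amplification abuse. I would add `allow-recursion { cachenetworks; };` to `options` and emit a per-zone `allow-query` driven by a field on the zone entry, so authoritative and recursive access can be set independently. Separately, `named` on the `respawn` line is started without `-u`, so it keeps root privileges for its whole lifetime; running it under a dedicated account, which this module would have to create, would limit the impact of a bug in the server.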
|
|
@ -402,6 +402,12 @@ let
|
|||
inherit config pkgs;
|
||||
})
|
||||
|
||||
# ISC BIND domain name server.
|
||||
++ optional config.services.bind.enable
|
||||
(import ../upstart-jobs/bind.nix {
|
||||
inherit config pkgs;
|
||||
})
|
||||
|
||||
# Handles the reboot/halt events.
|
||||
++ (map
|
||||
(event: makeJob (import ../upstart-jobs/halt.nix {
|
||||
|
|