diff options
| author | KJ Ørbekk <kj@orbekk.com> | 2017-05-21 09:20:20 -0400 |
|---|---|---|
| committer | KJ Ørbekk <kj@orbekk.com> | 2017-05-21 09:20:20 -0400 |
| commit | 8b9df2c8fc8262c6f56a90745b06390381b33fc0 (patch) | |
| tree | 5a3dd3b527dde1e5e6bbcfcbf6b6bb86c56cf7fa | |
| parent | 490b1c726a44e97233ecdd422d271b39dc731451 (diff) | |
shape: Bind configuration
| -rw-r--r-- | config/dns.nix | 17 | ||||
| -rw-r--r-- | machines/container-shape.nix | 1 |
2 files changed, 17 insertions, 1 deletions
diff --git a/config/dns.nix b/config/dns.nix index edf9a0e..9f05807 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -1,11 +1,26 @@ # dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha1sum | cut -b 1-16) -N unixtime -o $zone -t db.${zone} { config, lib, pkgs, ... }: +let + zones = pkgs.callPackage ../pkgs/zone-files/default.nix { }; +in { services.bind = { enable = true; + extraConfig = '' + zone orbekk.com { + type master; + file "/var/run/named/db.orbekk.com.zone"; + auto-dnssec maintain; + key-directory "/opt/secret/bind/orbekk.com"; + update-policy local; + allow-query { any; }; + }; + ''; }; systemd.services.bind = { - preStart = lib.mkAfter "echo test"; + preStart = lib.mkAfter '' + cp -f ${zones}/* /var/run/named/ + ''; }; } diff --git a/machines/container-shape.nix b/machines/container-shape.nix index 1a5d832..2a194a0 100644 --- a/machines/container-shape.nix +++ b/machines/container-shape.nix @@ -11,6 +11,7 @@ ../config/weechat.nix ../config/web-server.nix ../config/mail-server.nix + ../config/dns.nix ]; users.defaultUserShell = lib.mkForce pkgs.bash; |