sys/ns: initial commit

author: Alejandro Soto <alejandro@34project.org> 2024-08-04 16:36:17 -0600
committer: Alejandro Soto <alejandro@34project.org> 2024-08-04 16:57:19 -0600
commit: c918238932f0d776666e552b8ccf353375703249 (patch)
tree: 5c5f2bc90d9fa3a5ad19989df823b413363ca285 /sys/ns/nsd.nix
parent: c1fed32b662c4697fa1e1e9ce85a42d88d4e3db5 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/sys/ns/nsd.nix b/sys/ns/nsd.nix
new file mode 100644
index 0000000..46ec1e6
--- /dev/null
+++ b/sys/ns/nsd.nix
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+with lib; let
+  cfg = config.local.ns.server;
+in
+{
+  options.local.ns.server = {
+    enable = mkEnableOption "nsd authoritative server";
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall =
+      let
+        inherit (config.services.nsd) port;
+      in
+      {
+        allowedTCPPorts = [ port ];
+        allowedUDPPorts = [ port ];
+      };
+
+    services.nsd = {
+      enable = true;
+
+      ipFreebind = true;
+
+      bind8Stats = true;
+      statistics = 3600;
+
+      tcpCount = 128;
+      tcpTimeout = 30;
+      tcpQueryCount = 128;
+
+      zones = mapAttrs
+        (_: zone: { data = zone.content; })
+        config.local.ns.zones;
+    };
+  };
+}
author	Alejandro Soto <alejandro@34project.org>	2024-08-04 16:36:17 -0600
committer	Alejandro Soto <alejandro@34project.org>	2024-08-04 16:57:19 -0600
commit	c918238932f0d776666e552b8ccf353375703249 (patch)
tree	5c5f2bc90d9fa3a5ad19989df823b413363ca285 /sys/ns/nsd.nix
parent	c1fed32b662c4697fa1e1e9ce85a42d88d4e3db5 (diff)