Diffstat (limited to 'sys/ns')
| -rw-r--r-- | sys/ns/ns.nix | 16 | ||||
| -rw-r--r-- | sys/ns/nsd.nix | 14 |
2 files changed, 24 insertions, 6 deletions
diff --git a/sys/ns/ns.nix b/sys/ns/ns.nix
index 56460c1..ccd55f6 100644
--- a/sys/ns/ns.nix
+++ b/sys/ns/ns.nix
@@ -1,5 +1,8 @@
-{ lib, ... }:
-with lib; {
+{ config, lib, ... }:
+with lib; let
+ inherit (config.local.ns.server) tsigName;
+in
+{
 options.local.ns.zones = mkOption { type = with lib.types; attrsOf (submodule ({ config, name, ... }: let
@@ -19,8 +22,10 @@ with lib; { nsdConfig = let gandiSecondary = [
- "17.70.177.40 NOKEY"
- "2001:4b98:d:1::40 NOKEY"
+ "37.205.15.45 ${tsigName}" # ns3.vpsfree.cz
+ "37.205.11.85 ${tsigName}" # ns4.vpsfree.cz
+ "2a03:3b40:fe:2be::1 ${tsigName}" # ns3.vpsfree.cz
+ "2a03:3b40:101:4::1 ${tsigName}" # ns4.vpsfree.cz
 ]; in {
@@ -30,7 +35,8 @@ with lib; { ns = [ { name = "@"; host = cfg.primary; }
- { name = "@"; host = "ns6.gandi.net."; }
+ { name = "@"; host = "ns3.vpsfree.cz."; }
+ { name = "@"; host = "ns4.vpsfree.cz."; }
 ]; a = [
diff --git a/sys/ns/nsd.nix b/sys/ns/nsd.nix
index 29dd665..74fa7dd 100644
--- a/sys/ns/nsd.nix
+++ b/sys/ns/nsd.nix
@@ -5,9 +5,21 @@ in { options.local.ns.server = { enable = mkEnableOption "nsd authoritative server";
+
+ tsigName = mkOption {
+ type = types.str;
+ default = "NOKEY";
+ };
 }; config = mkIf cfg.enable {
+ assertions = [
+ {
+ assertion = cfg.tsigName == "NOKEY" || config.services.nsd.keys ? "${cfg.tsigName}";
+ message = "TSIG key '${cfg.tsigName}' not defined";
+ }
+ ];
+
 networking.firewall = let inherit (config.services.nsd) port;
@@ -29,7 +41,7 @@ in tcpTimeout = 30; tcpQueryCount = 128;
- zones = mapAttrs (_: zone: zone.nsdConfig) config.local.ns.zones;
+ zones = mapAttrs' (name: zone: nameValuePair "${name}." zone.nsdConfig) config.local.ns.zones;
 }; }; } |
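Review bot: The `gandiSecondary` binding in the second ns.nix hunk now lists the vpsFree ns3/ns4 addresses, so its name no longer says what it holds; renaming it (for example to `secondaries`) would keep a later reader from assuming these entries still point at Gandi. Its uses are outside the hunk, so the rename has to follow them. The four addresses also duplicate by hand the `ns3.vpsfree.cz.` and `ns4.vpsfree.cz.` NS hosts added in the next hunk. A comment above the list such as `# "<address> <TSIG key name or NOKEY>"; keep in sync with the NS records below` would make both the entry format and that coupling explicit.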
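Review bot: `tsigName` in the first nsd.nix hunk defaults to `"NOKEY"` and has no `description`, so a host that never sets it still evaluates cleanly while the secondary entries built in ns.nix carry no TSIG key and are presumably matched by source address alone. I would document the sentinel, e.g. `description = "Name of the services.nsd.keys entry used for TSIG with the secondaries; \"NOKEY\" disables TSIG.";`. A `warnings` entry for the case where the value is still `"NOKEY"` would make the unauthenticated state visible at build time. The new assertion only confirms that a key of that name is defined locally; it cannot tell whether the secondaries hold the same key, which is worth saying in the description too.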
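Review bot: `nameValuePair "${name}." …` in the last nsd.nix hunk appends a dot unconditionally, so a zone attribute that is already written fully qualified (say `"example.org."`) would come out as `example.org..`. Either normalise with `"${removeSuffix "." name}."` or state on `options.local.ns.zones` that zone names are given without the trailing dot. The enclosing attribute set starts outside the hunk, so I cannot see whether anything else keys on the undotted name.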
