From bcf936e19f78fc69572f0b748e83783899a55467 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Tue, 6 Aug 2024 16:40:13 -0600
Subject: sys/ns: switch to vpsfree secondary dns

---
 sys/ns/nsd.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'sys/ns/nsd.nix')

diff --git a/sys/ns/nsd.nix b/sys/ns/nsd.nix
index 29dd665..74fa7dd 100644
--- a/sys/ns/nsd.nix
+++ b/sys/ns/nsd.nix
@@ -5,9 +5,21 @@ in
 {
   options.local.ns.server = {
     enable = mkEnableOption "nsd authoritative server";
+
+    tsigName = mkOption {
+      type = types.str;
+      default = "NOKEY";
+    };
   };
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.tsigName == "NOKEY" || config.services.nsd.keys ? "${cfg.tsigName}";
+        message = "TSIG key '${cfg.tsigName}' not defined";
+      }
+    ];
+
     networking.firewall =
       let
         inherit (config.services.nsd) port;
@@ -29,7 +41,7 @@ in
       tcpTimeout = 30;
       tcpQueryCount = 128;
 
-      zones = mapAttrs (_: zone: zone.nsdConfig) config.local.ns.zones;
+      zones = mapAttrs' (name: zone: nameValuePair "${name}." zone.nsdConfig) config.local.ns.zones;
     };
   };
 }
-- 
cgit v1.2.3