nixos-config/config/services/named.nix

{ config, ... }:
let
  internalIP = import ../../utils/getInternalIP.nix config;
  createListenEntry = ip: "inet ${ip} port 8653 allow { any; };";
  listenEntries = builtins.map createListenEntry internalIP.listenIPsBare;
in
{
  services.bind = {
    enable = true;
    zones = {
      "darkkirb.de" = {
        master = false;
        masters = [
          "fd00:e621:e621::1"
        ];
        file = "darkkirb.de.zone";
      };
      "chir.rs" = {
        master = false;
        masters = [
          "fd00:e621:e621::1"
        ];
        file = "chir.rs.zone";
      };
      "int.chir.rs" = {
        master = false;
        masters = [
          "fd00:e621:e621::1"
        ];
        file = "int.chir.rs.zone";
      };
      "rpz.int.chir.rs" = {
        master = false;
        masters = [
          "fd00:e621:e621::1"
        ];
        file = "rpz.int.chir.rs.zone";
      };
    };
    extraConfig = ''
      statistics-channels {
        ${toString listenEntries}
      };
    '';
    extraOptions = ''
      allow-recursion {
        127.0.0.1;
        ::1;
        fc00::/7;
      };
      recursion yes;
      response-policy {
        zone "rpz.int.chir.rs";
      };
      dnssec-validation yes;
    '';
  };
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];
  services.prometheus.exporters.bind = {
    enable = true;
    bindGroups = [ "server" "view" "tasks" ];
    bindURI = "http://${internalIP.listenIP}:8653/";
    listenAddress = internalIP.listenIP;
  };
}
add bind_exporter 2022-01-15 13:44:34 +00:00			`{ config, ... }:`
			`let`
			`internalIP = import ../../utils/getInternalIP.nix config;`
Another missing semicolon also wrong allow statement 2022-01-15 13:48:28 +00:00			`createListenEntry = ip: "inet ${ip} port 8653 allow { any; };";`
add bind_exporter 2022-01-15 13:44:34 +00:00			`listenEntries = builtins.map createListenEntry internalIP.listenIPsBare;`
			`in`
			`{`
Make named a service 2022-01-14 19:56:02 +00:00			`services.bind = {`
			`enable = true;`
			`zones = {`
			`"darkkirb.de" = {`
			`master = false;`
			`masters = [`
			`"fd00:e621:e621::1"`
			`];`
			`file = "darkkirb.de.zone";`
			`};`
			`"chir.rs" = {`
			`master = false;`
			`masters = [`
			`"fd00:e621:e621::1"`
			`];`
			`file = "chir.rs.zone";`
			`};`
			`"int.chir.rs" = {`
			`master = false;`
			`masters = [`
			`"fd00:e621:e621::1"`
			`];`
			`file = "int.chir.rs.zone";`
			`};`
			`"rpz.int.chir.rs" = {`
			`master = false;`
			`masters = [`
			`"fd00:e621:e621::1"`
			`];`
			`file = "rpz.int.chir.rs.zone";`
			`};`
			`};`
add bind_exporter 2022-01-15 13:44:34 +00:00			`extraConfig = ''`
			`statistics-channels {`
			`${toString listenEntries}`
Add missing semicolon 2022-01-15 13:46:28 +00:00			`};`
add bind_exporter 2022-01-15 13:44:34 +00:00			`'';`
Use a local caching rdns 2022-01-15 14:03:51 +00:00			`extraOptions = ''`
			`allow-recursion {`
			`127.0.0.1;`
			`::1;`
			`fc00::/7;`
			`};`
			`recursion yes;`
			`response-policy {`
			`zone "rpz.int.chir.rs";`
			`};`
			`dnssec-validation yes;`
			`'';`
Make named a service 2022-01-14 19:56:02 +00:00			`};`
			`networking.firewall.allowedTCPPorts = [ 53 ];`
			`networking.firewall.allowedUDPPorts = [ 53 ];`
add bind_exporter 2022-01-15 13:44:34 +00:00			`services.prometheus.exporters.bind = {`
			`enable = true;`
			`bindGroups = [ "server" "view" "tasks" ];`
			`bindURI = "http://${internalIP.listenIP}:8653/";`
			`listenAddress = internalIP.listenIP;`
			`};`
Make named a service 2022-01-14 19:56:02 +00:00			`}`