nixos-config/config/services/named-submissive.nix

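# Secondary BIND instance: transfers the chir.rs zones from a primary, offers
# recursion to loopback/private ranges, and exposes BIND statistics to a local
# Prometheus exporter.
{
  pkgs,
  config,
  dns,
  ...
}: let
  # Build a secondary-zone definition for `name`, stored under /var/lib/named.
  # The primaries are identified by address only; no TSIG key is configured in
  # this file, so zone transfers are trusted on source address alone.
  # NOTE(review): both addresses look like Tailscale ranges (CGNAT
  # 100.64.0.0/10 and fd7a:115c:a1e0::/48), which would mean the path is
  # already authenticated; confirm, or add a TSIG key.
  mkZone = name: {
    master = false;
    masters = ["100.119.226.33" "fd7a:115c:a1e0:ab12:4843:cd96:6277:e221"];
    file = "/var/lib/named/${name}";
  };
in {
  services.bind = {
    enable = true;
    zones = {
      "chir.rs" = mkZone "chir.rs";
      "int.chir.rs" = mkZone "int.chir.rs";
    };
    # Statistics channel for the Prometheus exporter below: bound to loopback
    # and restricted to loopback clients. The port must match `bindURI`.
    extraConfig = ''
      statistics-channels {
        inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
      };
    '';
    # Recursion ACL. The IPv4 range was 100.0.0.0/8, which also covers publicly
    # routable address space; port 53 is opened in the firewall below, so hosts
    # in that space could use this server as a recursive resolver (and as a DNS
    # amplification reflector). It is narrowed to the CGNAT block 100.64.0.0/10,
    # which still contains the primary's 100.119.226.33. Widen it only if
    # clients outside that block are intended.
    #
    # NOTE(review): `dnssec-validation yes` validates only against manually
    # configured trust anchors, and no trust-anchors statement is visible in
    # this file. Confirm anchors are configured elsewhere, or use `auto` to
    # rely on the built-in root anchor.
    #
    # NOTE(review): allow-notify lists 2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49
    # twice. The duplicate is harmless, but the first occurrence may have been
    # meant to be the IPv6 address paired with 130.162.60.127; verify.
    extraOptions = ''
      allow-recursion {
        127.0.0.1;
        ::1;
        fc00::/7;
        100.64.0.0/10;
      };
      recursion yes;
      dnssec-validation yes;
      allow-notify { 130.162.60.127; 2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49; 138.201.155.128; 2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49; fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49; 100.119.226.33; fd7a:115c:a1e0:ab12:4843:cd96:6277:e221; };
    '';
  };

  # DNS is opened host-wide rather than per interface, so who may recurse is
  # decided only by the allow-recursion ACL above.
  networking.firewall.allowedTCPPorts = [53];
  networking.firewall.allowedUDPPorts = [53];

  # Exporter reads the loopback statistics channel and serves metrics on 1533.
  services.prometheus.exporters.bind = {
    enable = true;
    bindGroups = ["server" "view" "tasks"];
    bindURI = "http://127.0.0.1:8653/";
    port = 1533;
  };

  # Scrape the exporter over loopback; the port is read from the exporter
  # option so the two cannot drift apart.
  services.prometheus.scrapeConfigs = [
    {
      job_name = "bind";
      static_configs = [
        {
          targets = [
            "127.0.0.1:${toString config.services.prometheus.exporters.bind.port}"
          ];
        }
      ];
    }
  ];

  # Zone-file directory, private to the named user. The mode was 4700, which
  # set the setuid bit on the directory; 0700 is the owner-only mode without
  # that stray special bit.
  systemd.tmpfiles.rules = [
    "d /var/lib/named 0700 named named - -"
  ];
}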