2022-12-14 17:02:17 +00:00
|
|
|
{
|
|
|
|
pkgs,
|
|
|
|
config,
|
|
|
|
dns,
|
|
|
|
hosts-list,
|
|
|
|
...
|
|
|
|
}: let
|
2022-12-14 17:16:18 +00:00
|
|
|
internalIP = import ../../utils/getInternalIP.nix config;
|
2022-12-14 17:02:17 +00:00
|
|
|
mkZone = name: {
|
|
|
|
master = false;
|
2023-02-02 19:15:16 +00:00
|
|
|
masters = ["100.119.226.33" "fd7a:115c:a1e0:ab12:4843:cd96:6277:e221"];
|
2022-12-14 17:02:17 +00:00
|
|
|
file = "/var/lib/named/${name}";
|
|
|
|
};
|
|
|
|
in {
|
|
|
|
services.bind = {
|
2022-12-14 17:23:54 +00:00
|
|
|
enable = true;
|
2022-12-14 17:02:17 +00:00
|
|
|
zones = {
|
|
|
|
"darkkirb.de" = mkZone "darkkirb.de";
|
|
|
|
"chir.rs" = mkZone "chir.rs";
|
2022-12-14 18:50:12 +00:00
|
|
|
"int.chir.rs" = mkZone "int.chir.rs";
|
2022-12-15 16:07:28 +00:00
|
|
|
"rpz.int.chir.rs" = mkZone "rpz.int.chir.rs";
|
2022-12-14 17:02:17 +00:00
|
|
|
"shitallover.me" = mkZone "shitallover.me";
|
|
|
|
};
|
|
|
|
extraConfig = ''
|
|
|
|
statistics-channels {
|
2023-02-02 19:15:16 +00:00
|
|
|
inet 127.0.0.1 port 8653 allow { 127.0.0.1; };
|
2022-12-14 17:02:17 +00:00
|
|
|
};
|
|
|
|
'';
|
|
|
|
extraOptions = ''
|
|
|
|
allow-recursion {
|
|
|
|
127.0.0.1;
|
|
|
|
::1;
|
|
|
|
fc00::/7;
|
2023-02-02 19:15:16 +00:00
|
|
|
100.0.0.0/8;
|
2022-12-14 17:02:17 +00:00
|
|
|
};
|
|
|
|
recursion yes;
|
|
|
|
dnssec-validation yes;
|
2023-02-02 19:15:16 +00:00
|
|
|
allow-notify { 130.162.60.127; 2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49; 138.201.155.128; 2a01:4f8:1c17:d953:b4e1:8ff:e658:6f49; fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49; 100.119.226.33; fd7a:115c:a1e0:ab12:4843:cd96:6277:e221; };
|
2022-12-15 16:07:28 +00:00
|
|
|
response-policy {zone "rpz.int.chir.rs";};
|
2022-12-14 17:02:17 +00:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [53];
|
|
|
|
networking.firewall.allowedUDPPorts = [53];
|
|
|
|
services.prometheus.exporters.bind = {
|
|
|
|
enable = true;
|
|
|
|
bindGroups = ["server" "view" "tasks"];
|
2023-02-02 19:15:16 +00:00
|
|
|
bindURI = "http://127.0.0.1:8653/";
|
2022-12-14 17:02:17 +00:00
|
|
|
};
|
2022-12-14 18:50:12 +00:00
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
"d /var/lib/named 4700 named named - -"
|
|
|
|
];
|
2022-12-14 17:02:17 +00:00
|
|
|
}
|