nixos-config/config/services/named-submissive.nix

{
  pkgs,
  config,
  dns,
  hosts-list,
  ...
}: let
  mkZone = name: {
    master = false;
    masters = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];
    file = "/var/lib/named/${name}";
  };
in {
  services.bind = {
    zones = {
      "darkkirb.de" = mkZone "darkkirb.de";
      "_acme-challenge.darkkirb.de" = mkZone "_acme-challenge.darkkirb.de";
      "chir.rs" = mkZone "chir.rs";
      "_acme-challenge.chir.rs" = mkZone "_acme-challenge.chir.rs";
      "int.chir.rs" = mkZone ".intchir.rs";
      "_acme-challenge.int.chir.rs" = mkZone "_acme-challenge.int.chir.rs";
      "shitallover.me" = mkZone "shitallover.me";
      "_acme-challenge.shitallover.me" = mkZone "_acme-challenge.shitallover.me";
    };
    extraConfig = ''
      statistics-channels {
        ${toString listenEntries}
      };
      include "/run/secrets/services/dns/named-keys";
    '';
    extraOptions = ''
      allow-recursion {
        127.0.0.1;
        ::1;
        fc00::/7;
      };
      recursion yes;
      dnssec-validation yes;
    '';
  };
  networking.firewall.allowedTCPPorts = [53];
  networking.firewall.allowedUDPPorts = [53];
  services.prometheus.exporters.bind = {
    enable = true;
    bindGroups = ["server" "view" "tasks"];
    bindURI = "http://${internalIP.listenIP}:8653/";
    listenAddress = internalIP.listenIP;
  };
}
Add named on instance-20221213-1915 2022-12-14 17:02:17 +00:00			`{`
			`pkgs,`
			`config,`
			`dns,`
			`hosts-list,`
			`...`
			`}: let`
			`mkZone = name: {`
			`master = false;`
			`masters = ["fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49"];`
			`file = "/var/lib/named/${name}";`
			`};`
			`in {`
			`services.bind = {`
			`zones = {`
			`"darkkirb.de" = mkZone "darkkirb.de";`
			`"_acme-challenge.darkkirb.de" = mkZone "_acme-challenge.darkkirb.de";`
			`"chir.rs" = mkZone "chir.rs";`
			`"_acme-challenge.chir.rs" = mkZone "_acme-challenge.chir.rs";`
			`"int.chir.rs" = mkZone ".intchir.rs";`
			`"_acme-challenge.int.chir.rs" = mkZone "_acme-challenge.int.chir.rs";`
			`"shitallover.me" = mkZone "shitallover.me";`
			`"_acme-challenge.shitallover.me" = mkZone "_acme-challenge.shitallover.me";`
			`};`
			`extraConfig = ''`
			`statistics-channels {`
			`${toString listenEntries}`
			`};`
			`include "/run/secrets/services/dns/named-keys";`
			`'';`
			`extraOptions = ''`
			`allow-recursion {`
			`127.0.0.1;`
			`::1;`
			`fc00::/7;`
			`};`
			`recursion yes;`
			`dnssec-validation yes;`
			`'';`
			`};`
			`networking.firewall.allowedTCPPorts = [53];`
			`networking.firewall.allowedUDPPorts = [53];`
			`services.prometheus.exporters.bind = {`
			`enable = true;`
			`bindGroups = ["server" "view" "tasks"];`
			`bindURI = "http://${internalIP.listenIP}:8653/";`
			`listenAddress = internalIP.listenIP;`
			`};`
			`}`