dotfiles/modules/nixos/services/bind.nix

{ config, pkgs, lib, ... }:

let

  localIp = "192.168.1.218";
  localServices = [
    config.hostnames.stream
    config.hostnames.content
    config.hostnames.books
    config.hostnames.download
  ];
  mkRecord = service: "${service}       A       ${localIp}";
  localRecords = lib.concatLines (map mkRecord localServices);

in {

  config = lib.mkIf config.services.bind.enable {

    caddy.cidrAllowlist = [ "192.168.0.0/16" ];

    services.bind = {
      cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
      forwarders = [ "1.1.1.1" "1.0.0.1" ];
      ipv4Only = true;

      # Use rpz zone as an override
      extraOptions = ''response-policy { zone "rpz"; };'';

      zones = {
        rpz = {
          master = true;
          file = pkgs.writeText "db.rpz" ''
            $TTL 60  ; 1 minute
            @       IN      SOA     localhost. root.localhost. (
                                    2023071800      ; serial
                                    1h              ; refresh
                                    30m             ; retry
                                    1w              ; expire
                                    30m             ; minimum ttl
                                    )
                    IN      NS      localhost.
            localhost       A       127.0.0.1
            ${localRecords}
          '';
        };
      };

    };

    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];

  };

}
use bind for local dns 2023-07-18 03:52:37 +00:00			`{ config, pkgs, lib, ... }:`
setup bind 2023-07-18 02:37:26 +00:00
use bind for local dns 2023-07-18 03:52:37 +00:00			`let`
setup bind 2023-07-18 02:37:26 +00:00
use bind for local dns 2023-07-18 03:52:37 +00:00			`localIp = "192.168.1.218";`
			`localServices = [`
			`config.hostnames.stream`
			`config.hostnames.content`
			`config.hostnames.books`
			`config.hostnames.download`
			`];`
			`mkRecord = service: "${service} A ${localIp}";`
			`localRecords = lib.concatLines (map mkRecord localServices);`

			`in {`

			`config = lib.mkIf config.services.bind.enable {`
setup bind 2023-07-18 02:37:26 +00:00
use bind for local dns 2023-07-18 03:52:37 +00:00			`caddy.cidrAllowlist = [ "192.168.0.0/16" ];`
setup bind 2023-07-18 02:37:26 +00:00
use bind for local dns 2023-07-18 03:52:37 +00:00			`services.bind = {`
			`cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];`
setup bind 2023-07-18 02:37:26 +00:00			`forwarders = [ "1.1.1.1" "1.0.0.1" ];`
use bind for local dns 2023-07-18 03:52:37 +00:00			`ipv4Only = true;`
setup bind 2023-07-18 02:37:26 +00:00
			`# Use rpz zone as an override`
			`extraOptions = ''response-policy { zone "rpz"; };'';`

			`zones = {`
			`rpz = {`
			`master = true;`
			`file = pkgs.writeText "db.rpz" ''`
			`$TTL 60 ; 1 minute`
			`@ IN SOA localhost. root.localhost. (`
			`2023071800 ; serial`
			`1h ; refresh`
			`30m ; retry`
			`1w ; expire`
			`30m ; minimum ttl`
			`)`
			`IN NS localhost.`
			`localhost A 127.0.0.1`
use bind for local dns 2023-07-18 03:52:37 +00:00			`${localRecords}`
setup bind 2023-07-18 02:37:26 +00:00			`'';`
			`};`
			`};`

			`};`

use bind for local dns 2023-07-18 03:52:37 +00:00			`networking.firewall.allowedTCPPorts = [ 53 ];`
			`networking.firewall.allowedUDPPorts = [ 53 ];`

setup bind 2023-07-18 02:37:26 +00:00			`};`

			`}`