From 9e8bac683491a04aa6409e17076d9cf1b30519b4 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Mon, 17 Jul 2023 22:37:26 -0400
Subject: [PATCH] setup bind
---
 flake.nix | 1 +
 modules/nixos/services/bind.nix | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 modules/nixos/services/bind.nix
diff --git a/flake.nix b/flake.nix
index e2c04fb..53182a7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -126,6 +126,7 @@
 mail.smtpHost = "smtp.purelymail.com";
 dotfilesRepo = "git@github.com:nmasur/dotfiles";
 hostnames = {
+ zone = baseName;
 git = "git.${baseName}";
 metrics = "metrics.${baseName}";
 prometheus = "prom.${baseName}";
diff --git a/modules/nixos/services/bind.nix b/modules/nixos/services/bind.nix
new file mode 100644
index 0000000..f4b2fa4
--- /dev/null
+++ b/modules/nixos/services/bind.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }: {
+
+ config = {
+
+ services.bind = {
+
+ cacheNetworks = [ "192.168.0.0/16" ];
+
+ forwarders = [ "1.1.1.1" "1.0.0.1" ];
+
+ # Use rpz zone as an override
+ extraOptions = ''response-policy { zone "rpz"; };'';
+
+ zones = {
+ rpz = {
+ master = true;
+ file = pkgs.writeText "db.rpz" ''
+ $TTL 60 ; 1 minute
+ @ IN SOA localhost. root.localhost. (
+ 2023071800 ; serial
+ 1h ; refresh
+ 30m ; retry
+ 1w ; expire
+ 30m ; minimum ttl
+ )
+ IN NS localhost.
+ localhost A 127.0.0.1
+ stream A 192.168.0.218
+ '';
+ };
+ };
+
+ };
+
+ };
+
+}
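Review bot: The `rpz` zone in modules/nixos/services/bind.nix is declared without `allowQuery`, so the policy zone itself can be queried by any client that reaches the server. In the NixOS bind module `cacheNetworks` restricts recursion only, and zones under `zones` default to answering any source, which would disclose the internal override `192.168.0.218`. Response-policy rewriting does not need the zone to be externally queryable, so I would add `allowQuery = [ "127.0.0.1" ];` inside `rpz = { … }`. The hunk sets no `listenOn` either, so whether this is reachable beyond the LAN depends on firewall settings outside this patch. Separately, RPZ owner names are read relative to the policy zone, so `stream A 192.168.0.218` matches only the bare name `stream.`; if the override is meant for a host under `baseName`, the owner would need to be that full name written without a trailing dot.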