home

My NixOS systems configurations.

bind.nix (1279B)


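      # NixOS module: BIND profile that serves the private "home" and "vpn"
      # zones (forward and reverse) and forwards every other name upstream.
      { config, lib, pkgs, ... }:

      let
        inherit (lib) mkIf mkEnableOption;
        cfg = config.modules.services.bind;

        # Build a primary zone with no secondaries from a zone name and its file.
        primaryZone = name: file: {
          inherit name file;
          master = true;
          slaves = [ ];
        };
      in
      {
        options.modules.services.bind = {
          # mkEnableOption already prefixes the text with "Whether to enable",
          # so only the noun phrase is passed here.
          enable = mkEnableOption "bind profile";
        };

        config = mkIf cfg.enable {
          services.bind = {
            enable = true;

            # Names outside the local zones are forwarded to these public resolvers.
            forwarders = [ "8.8.8.8" "8.8.4.4" ];

            # NOTE(review): DNSSEC validation is switched off, so answers returned
            # by the forwarders are accepted without signature checks. The zones
            # below are served from local files and presumably do not depend on
            # this; confirm whether `dnssec-validation auto;` can be used instead.
            extraOptions = ''
              dnssec-validation no;
            '';

            # Only these networks (LAN, loopback, VPN) may use the server as a
            # resolver; keep the list tight so it is never an open resolver.
            cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ];

            # NOTE(review): the zone files live under secrets/, but a Nix path
            # literal used in the generated configuration is normally copied into
            # the world-readable /nix/store. Confirm that local users being able
            # to read the zone data on the deployed host is acceptable.
            zones = [
              # home
              (primaryZone "home" ../../../secrets/db.home)
              # home.reverse
              (primaryZone "192.168.1.in-addr.arpa" ../../../secrets/db.192.168.1)
              # vpn
              (primaryZone "vpn" ../../../secrets/db.vpn)
              # vpn.reverse
              (primaryZone "10.100.0.in-addr.arpa" ../../../secrets/db.10.100.0)
            ];
          };
        };
      }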