bind.nix (1279B)
1 { config, lib, pkgs, ... }: 2 3 let 4 inherit (lib) mkIf mkEnableOption; 5 cfg = config.modules.services.bind; 6 in 7 { 8 options = { 9 modules.services.bind = { 10 enable = mkEnableOption "Enable bind profile"; 11 }; 12 }; 13 config = mkIf cfg.enable { 14 15 services = { 16 bind = { 17 enable = true; 18 forwarders = [ "8.8.8.8" "8.8.4.4" ]; 19 extraOptions = '' 20 dnssec-validation no; 21 ''; 22 cacheNetworks = [ "192.168.1.0/24" "127.0.0.0/8" "10.100.0.0/24" ]; 23 zones = [ 24 { 25 # home 26 name = "home"; 27 master = true; 28 slaves = [ ]; 29 file = ../../../secrets/db.home; 30 } 31 { 32 # home.reverse 33 name = "192.168.1.in-addr.arpa"; 34 master = true; 35 slaves = [ ]; 36 file = ../../../secrets/db.192.168.1; 37 } 38 { 39 # vpn 40 name = "vpn"; 41 master = true; 42 slaves = [ ]; 43 file = ../../../secrets/db.vpn; 44 } 45 { 46 # vpn.reverse 47 name = "10.100.0.in-addr.arpa"; 48 master = true; 49 slaves = [ ]; 50 file = ../../../secrets/db.10.100.0; 51 } 52 ]; 53 }; 54 }; 55 }; 56 }