# CoreDNS for the AS205479 network.
#
# Two roles live in one Corefile:
#   * a catch-all "." block that recurses (via forward) only for the listed
#     private and AS-owned address ranges and blocks everyone else, so the
#     host is not an open resolver;
#   * one authoritative block per zone in `zones`, served from files under
#     /etc/coredns-zones.  These blocks carry no acl, so authoritative data is
#     answerable from any client; the acl above applies to recursion only.
{ depot, lib, ... }:

let
  # Zones served authoritatively.  Each one expects a zone file named
  # /etc/coredns-zones/db.<zone>, shipped from ./zones below.
  zones =
    [ "as205479.net" ]
    # IPv4 reverse zones, one per /24 of 92.118.28.0/22 (28..31).
    ++ map (octet: "${toString octet}.118.92.in-addr.arpa") (lib.range 28 31)
    # IPv6 reverse zones, one per /32 of 2a09:a440::/29 (nibble 0..7).
    ++ map (nibble: "${toString nibble}.4.4.a.9.0.a.2.ip6.arpa") (lib.range 0 7);

  # Render one Corefile server block for an authoritative zone.  The shared
  # plugin list comes from the (zonehdr) snippet defined in the Corefile.
  zoneBlock = zone: ''
    ${zone} {
      import zonehdr
      file /etc/coredns-zones/db.${zone} ${zone}
    }
  '';
in
{
  config = {
    # Zone files are taken from the ./zones directory next to this module.
    environment.etc."coredns-zones".source = ./zones;

    # Authoritative DNS has to be reachable from the outside.
    firewall.allowedTCPPorts = [ 53 ]; # DNS
    firewall.allowedUDPPorts = [ 53 ]; # DNS

    services.coredns = {
      enable = true;

      # NOTE(review): the upstreams in the forward line are plain Do53 over
      # the public internet.  CoreDNS' forward plugin also accepts tls://
      # upstreams together with tls_servername should encrypted upstream
      # transport be wanted; confirm with the operator before changing it.
      # The chaos plugin answers CH-class version queries; presumably the acl
      # gates those too, but confirm the plugin ordering if that matters.
      config = ''
        . {
          chaos
          log
          errors
          acl {
            allow net 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8
            allow net 92.118.28.0/22
            allow net 2a09:a440::/29 ::1/128
            block
          }
          forward . 2001:4860:4860::8888 2001:4860:4860::8844 8.8.8.8 8.8.4.4
        }

        (zonehdr) {
          prometheus
          log
          errors
          loadbalance round_robin
        }

        ${lib.concatMapStringsSep "\n" zoneBlock zones}
      '';
    };
  };
}