77 lines
1.8 KiB
Nix
77 lines
1.8 KiB
Nix
{ depot, lib, config, ... }:
|
|
|
|
{
|
|
options.my.coredns.bind = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [];
|
|
};
|
|
|
|
config = {
|
|
environment.etc."coredns-zones" = {
|
|
source = "${./zones}";
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
53 # DNS
|
|
];
|
|
networking.firewall.allowedUDPPorts = [
|
|
53 # DNS
|
|
];
|
|
|
|
systemd.services.coredns.unitConfig.StartLimitIntervalSec = "0";
|
|
services.coredns = {
|
|
enable = true;
|
|
config = let
|
|
zones = [
|
|
"as205479.net"
|
|
"28.118.92.in-addr.arpa"
|
|
"29.118.92.in-addr.arpa"
|
|
"30.118.92.in-addr.arpa"
|
|
"31.118.92.in-addr.arpa"
|
|
"0.4.4.a.9.0.a.2.ip6.arpa"
|
|
"1.4.4.a.9.0.a.2.ip6.arpa"
|
|
"2.4.4.a.9.0.a.2.ip6.arpa"
|
|
"3.4.4.a.9.0.a.2.ip6.arpa"
|
|
"4.4.4.a.9.0.a.2.ip6.arpa"
|
|
"5.4.4.a.9.0.a.2.ip6.arpa"
|
|
"6.4.4.a.9.0.a.2.ip6.arpa"
|
|
"7.4.4.a.9.0.a.2.ip6.arpa"
|
|
];
|
|
mkZone = zone: ''
|
|
${zone} {
|
|
import zonehdr
|
|
file /etc/coredns-zones/db.${zone} ${zone}
|
|
}
|
|
'';
|
|
in ''
|
|
(global) {
|
|
bind ${lib.concatStringsSep " " config.my.coredns.bind}
|
|
}
|
|
|
|
. {
|
|
import global
|
|
chaos
|
|
log
|
|
errors
|
|
acl {
|
|
allow net 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 100.64.0.0/10
|
|
allow net 92.118.28.0/22
|
|
allow net 2a09:a440::/29 ::1/128
|
|
block
|
|
}
|
|
forward . 2001:4860:4860::8888 2001:4860:4860::8844 8.8.8.8 8.8.4.4
|
|
}
|
|
|
|
(zonehdr) {
|
|
import global
|
|
prometheus
|
|
log
|
|
errors
|
|
loadbalance round_robin
|
|
}
|
|
|
|
${lib.concatMapStringsSep "\n" mkZone zones}
|
|
'';
|
|
};
|
|
};
|
|
}
|