# NixOS module for a PowerDNS authoritative server. Exactly one of the two
# inline pdns.conf fragments below is selected by `services.powerdns.role`
# and handed to the NixOS powerdns service as `extraConfig` (see `config`).
{ config, lib, pkgs, ... }:
let
  # Fragment for the primary (zone-owning) server: zone data is served from
  # PostgreSQL through the gpgsql backend over the local socket, and the HTTP
  # API/webserver are enabled.
  #
  # `$PDNS_API_KEY` is deliberately left as an environment-style placeholder;
  # it is expected to be substituted from `secretFile` (set in `config` below)
  # rather than written into the Nix store. NOTE(review): nothing in this
  # module sets that file's ownership or mode — confirm it is root-only.
  #
  # Access control in this fragment is source-IP based:
  #   - AXFR and DNS UPDATE are limited to 10.0.0.0/8 and loopback. The
  #     `dnsupdate` feature itself is not switched on here, so the
  #     allow-dnsupdate-from line only takes effect if it is enabled elsewhere.
  #   - `only-notify` is empty while `also-notify` names three hosts;
  #     presumably outgoing NOTIFYs are therefore restricted to that list —
  #     verify against the docs of the deployed PowerDNS version.
  #   - The webserver binds 0.0.0.0, but `webserver-allow-from` restricts its
  #     clients and the firewall rules below open only port 53.
  primary = ''
    allow-axfr-ips = 10.0.0.0/8,127.0.0.0/8
    allow-dnsupdate-from = 10.0.0.0/8,127.0.0.0/8
    also-notify = 10.10.0.3 10.10.0.4 10.10.0.5
    only-notify =
    default-soa-content = primary.ns.vapor.systems hostmaster.@ 0 10800 3600 604800 3600
    gpgsql-dbname = pdns
    gpgsql-host = /var/run/postgresql
    gpgsql-port = 5432
    gpgsql-user = pdns
    launch = gpgsql
    api = yes
    local-address = 10.10.0.1 [2a0f:9400:8020:beef::1]
    primary = yes
    webserver = yes
    webserver-address = 0.0.0.0
    webserver-allow-from = 10.0.0.0/8,127.0.0.0/8
    api-key = $PDNS_API_KEY
  '';
  # List of hosts the secondary accepts as autoprimaries (i.e. hosts allowed
  # to provision new zones via NOTIFY). Only the primary's IPv4 address from
  # the fragment above is listed. NOTE(review): this is IP-based trust only;
  # it assumes 10.10.0.0/x traffic cannot be spoofed on this network — confirm.
  autoprimary = pkgs.writeText "autoprimary.conf" ''
    10.10.0.1
  '';
  # Minimal named.conf for the bind backend: it only pulls in the
  # autosecondary zone list that PowerDNS maintains under /var/lib/pdns.
  bind = pkgs.writeText "named.conf" ''
    include "/var/lib/pdns/named-autosecondary.conf";
  '';
  # Fragment for a secondary: zones are received by transfer into the bind
  # backend, with `autosecondary` creating zones on NOTIFY from the
  # autoprimary list. `allow-notify-from` narrows NOTIFY sources to the
  # primary alone (/32). The server listens on all IPv4 and IPv6 addresses;
  # the webserver is enabled without the API and, as on the primary, is
  # limited by `webserver-allow-from` and not opened in the firewall below.
  secondary = ''
    autosecondary = yes
    bind-config = ${bind}
    bind-autoprimary-config = /var/lib/pdns/named-autosecondary.conf
    bind-autoprimary-destdir = /var/lib/pdns/zones
    bind-autoprimaries = ${autoprimary}
    guardian = yes
    launch = bind
    local-address = 0.0.0.0 [::]
    secondary = yes
    allow-notify-from = 10.10.0.1/32
    webserver = yes
    webserver-address = 0.0.0.0
    webserver-allow-from = 10.0.0.0/8,127.0.0.0/8
  '';
in
{
  imports = [ ./primary.nix ];
  options.services.powerdns = {
    # Selects which fragment above is used. No default is given, so a host
    # configuration must set this explicitly; presumably evaluation fails
    # otherwise rather than silently picking a role.
    role = lib.mkOption {
      type = lib.types.enum [ "primary" "secondary" ];
    };
  };
  config = {
    # Make the pdns package (and its CLI tools) available system-wide.
    environment.systemPackages = [ pkgs.pdns ];
    services.powerdns = {
      enable = true;
      extraConfig =
        if config.services.powerdns.role == "primary"
        then primary
        else secondary;
      # Environment file used to fill placeholders such as `$PDNS_API_KEY`
      # in the fragments above — TODO confirm this is how the NixOS powerdns
      # module consumes it for the deployed nixpkgs revision.
      secretFile = "/etc/secrets/pdns_api.env";
    };
    # DNS only; the webserver/API port is intentionally not opened here for
    # either role.
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];
  };
}