modules/powerdns/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

{ config, lib, pkgs, ... }:

let
  primary = ''
    allow-axfr-ips = 10.0.0.0/8,127.0.0.0/8
    allow-dnsupdate-from = 10.0.0.0/8,127.0.0.0/8
    also-notify = 10.10.0.3 10.10.0.4 10.10.0.5
    only-notify =

    default-soa-content = primary.ns.vapor.systems hostmaster.@ 0 10800 3600 604800 3600

    gpgsql-dbname = pdns
    gpgsql-host = /var/run/postgresql
    gpgsql-port = 5432
    gpgsql-user = pdns
    launch = gpgsql

    api = yes
    local-address = 0.0.0.0 [::]
    primary = yes
    webserver = yes
    webserver-address = 10.10.0.1
    webserver-allow-from = 10.0.0.0/8,127.0.0.0/8
    api-key = $PDNS_API_KEY
  '';

  autoprimary = pkgs.writeText "autoprimary.conf" ''
    10.10.0.1
  '';

  bind = pkgs.writeText "named.conf" ''
    include "/var/lib/pdns/named-autosecondary.conf";
  '';

  secondary = ''
    autosecondary = yes
    bind-config = ${bind}
    bind-autoprimary-config = /var/lib/pdns/named-autosecondary.conf
    bind-autoprimary-destdir = /var/lib/pdns/zones
    bind-autoprimaries = ${autoprimary}
    guardian = yes
    launch = bind
    local-address = 0.0.0.0 [::]
    secondary = yes

    allow-notify-from = 10.10.0.1/32
  '';
in
{
  imports = [ ./primary.nix ];

  options.services.powerdns = {
    role = lib.mkOption {
      type = lib.types.enum [ "primary" "secondary" ];
    };
  };

  config = {
    environment.systemPackages = [ pkgs.powerdns ];
    services.powerdns = {
      enable = true;
      extraConfig =
        if config.services.powerdns.role == "primary"
        then primary
        else secondary;
      secretFile = "/etc/secrets/pdns_api.env";
    };
  };
}