about summary refs log tree commit diff stats
path: root/modules/by-name/dn/dns/module.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/by-name/dn/dns/module.nix86
1 files changed, 86 insertions, 0 deletions
diff --git a/modules/by-name/dn/dns/module.nix b/modules/by-name/dn/dns/module.nix
new file mode 100644
index 0000000..8f4ad37
--- /dev/null
+++ b/modules/by-name/dn/dns/module.nix
@@ -0,0 +1,86 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.dns;
+
+  zones =
+    builtins.mapAttrs (name: value: {
+      data =
+        dns.types.zone.renderToString name value;
+    })
+    cfg.zones;
+
+  dns = import ./dns {inherit lib;};
+
+  ports = let
+    parsePorts = listeners: let
+      splitAddress = addr: lib.splitString "@" addr;
+
+      extractPort = addr: let
+        split = splitAddress addr;
+      in
+        lib.toInt (
+          if (builtins.length split) == 2
+          then builtins.elemAt split 1
+          else "53"
+        );
+    in
+      builtins.map extractPort listeners;
+  in
+    lib.unique (parsePorts cfg.interfaces);
+in {
+  options.vhack.dns = {
+    enable = lib.mkEnableOption "custom dns server";
+
+    openFirewall = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Open the following ports:
+        TCP (${lib.concatStringsSep ", " (map toString ports)})
+        UDP (${lib.concatStringsSep ", " (map toString ports)})
+      '';
+    };
+
+    interfaces = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = ''
+        A list of the interfaces to bind to. To select the port add `@` to the end of the
+        interface. The default port is 53.
+      '';
+      example = [
+        "192.168.1.3"
+        "2001:db8:1::3"
+      ];
+    };
+
+    zones = lib.mkOption {
+      type = lib.types.attrsOf dns.types.zone.zone;
+      description = "DNS zones";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.nsd = {
+      enable = true;
+      verbosity = 4;
+      inherit (cfg) interfaces;
+      inherit zones;
+    };
+
+    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall ports;
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall ports;
+
+    systemd.services.nsd = {
+      requires = [
+        "network-online.target"
+      ];
+      after = [
+        "network.target"
+        "network-online.target"
+      ];
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-03-18 09:47:51 +0000