nixos-servers/services/ns/master-authorative.nix

{ ... }:
{
  sops.secrets.ns_xfer_key = {
    path = "/etc/nsd/xfer.key";
  };

  networking.firewall.allowedTCPPorts = [ 8053 ];
  networking.firewall.allowedUDPPorts = [ 8053 ];

  services.nsd = {
    enable = true;
    port = 8053;
    ipv6 = false;
    verbosity = 2;
    identity = "home.2rjus.net server";
    interfaces = [ "0.0.0.0" ];

    keys = {
      "xferkey" = {
        algorithm = "hmac-sha256";
        keyFile = "/etc/nsd/xfer.key";
      };
    };

    zones = {
      "home.2rjus.net" = {
        provideXFR = [ "10.69.13.6 xferkey" ];
        notify = [ "10.69.13.6@8053 xferkey" ];
        data = builtins.readFile ./zones-home-2rjus-net.conf;
      };
    };
  };
}
Improve ns stuff 2024-03-11 17:23:01 +00:00			`{ ... }:`
			`{`
			`sops.secrets.ns_xfer_key = {`
			`path = "/etc/nsd/xfer.key";`
			`};`

			`networking.firewall.allowedTCPPorts = [ 8053 ];`
			`networking.firewall.allowedUDPPorts = [ 8053 ];`

Initial commit 2024-03-07 22:14:44 +00:00			`services.nsd = {`
			`enable = true;`
			`port = 8053;`
Improve ns stuff 2024-03-11 17:23:01 +00:00			`ipv6 = false;`
			`verbosity = 2;`
Start changing ns stuff to home.2rjus.net 2024-03-12 18:44:41 +00:00			`identity = "home.2rjus.net server";`
Improve ns stuff 2024-03-11 17:23:01 +00:00			`interfaces = [ "0.0.0.0" ];`

			`keys = {`
			`"xferkey" = {`
			`algorithm = "hmac-sha256";`
			`keyFile = "/etc/nsd/xfer.key";`
			`};`
			`};`
Initial commit 2024-03-07 22:14:44 +00:00
Add template host 2024-03-08 19:10:50 +00:00			`zones = {`
Start changing ns stuff to home.2rjus.net 2024-03-12 18:44:41 +00:00			`"home.2rjus.net" = {`
Add ns1 and ns2 2024-03-13 22:22:10 +00:00			`provideXFR = [ "10.69.13.6 xferkey" ];`
			`notify = [ "10.69.13.6@8053 xferkey" ];`
Start changing ns stuff to home.2rjus.net 2024-03-12 18:44:41 +00:00			`data = builtins.readFile ./zones-home-2rjus-net.conf;`
Add template host 2024-03-08 19:10:50 +00:00			`};`
Initial commit 2024-03-07 22:14:44 +00:00			`};`
			`};`
			`}`