nixos-servers/services/ns/secondary-authorative.nix

{ ... }:
{
  sops.secrets.ns_xfer_key = {
    path = "/etc/nsd/xfer.key";
  };
  networking.firewall.allowedTCPPorts = [ 8053 ];
  networking.firewall.allowedUDPPorts = [ 8053 ];
  services.nsd = {
    enable = true;
    port = 8053;
    ipv6 = false;
    verbosity = 2;
    identity = "test.2rjus.net server";
    interfaces = [ "0.0.0.0" ];

    keys = {
      "xferkey" = {
        algorithm = "hmac-sha256";
        keyFile = "/etc/nsd/xfer.key";
      };
    };

    zones = {
      "test.2rjus.net" = {
        allowNotify = [ "10.69.13.7 xferkey" ];
        requestXFR = [ "AXFR 10.69.13.7@8053 xferkey" ];
        data = builtins.readFile ./zones-test-2rjus-net.conf;
      };
    };
  };
}
Improve ns stuff 2024-03-11 17:23:01 +00:00			`{ ... }:`
			`{`
			`sops.secrets.ns_xfer_key = {`
			`path = "/etc/nsd/xfer.key";`
			`};`
			`networking.firewall.allowedTCPPorts = [ 8053 ];`
			`networking.firewall.allowedUDPPorts = [ 8053 ];`
			`services.nsd = {`
			`enable = true;`
			`port = 8053;`
			`ipv6 = false;`
			`verbosity = 2;`
			`identity = "test.2rjus.net server";`
			`interfaces = [ "0.0.0.0" ];`

			`keys = {`
			`"xferkey" = {`
			`algorithm = "hmac-sha256";`
			`keyFile = "/etc/nsd/xfer.key";`
			`};`
			`};`

			`zones = {`
			`"test.2rjus.net" = {`
			`allowNotify = [ "10.69.13.7 xferkey" ];`
			`requestXFR = [ "AXFR 10.69.13.7@8053 xferkey" ];`
			`data = builtins.readFile ./zones-test-2rjus-net.conf;`
			`};`
			`};`
			`};`
			`}`