Improve ns stuff

2024-03-11 18:23:01 +01:00
parent e40c987cd0
commit 5b838771e3
12 changed files with 226 additions and 19 deletions
--- a/services/ns/master-authorative.nix
+++ b/services/ns/master-authorative.nix
@@ -1,11 +1,31 @@
-{ ... }: {
+{ ... }:
+{
+  sops.secrets.ns_xfer_key = {
+    path = "/etc/nsd/xfer.key";
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8053 ];
+  networking.firewall.allowedUDPPorts = [ 8053 ];
+
  services.nsd = {
    enable = true;
    port = 8053;
+    ipv6 = false;
+    verbosity = 2;
+    identity = "test.2rjus.net server";
+    interfaces = [ "0.0.0.0" ];
+
+    keys = {
+      "xferkey" = {
+        algorithm = "hmac-sha256";
+        keyFile = "/etc/nsd/xfer.key";
+      };
+    };

    zones = {
-      "test.2rjus.net." = {
-        provideXFR = [ "10.69.0.0/16 NOKEY" ];
+      "test.2rjus.net" = {
+        provideXFR = [ "10.69.13.8 xferkey" ];
+        notify = [ "10.69.13.8@8053 xferkey" ];
        data = builtins.readFile ./zones-test-2rjus-net.conf;
      };
    };