Improve ns stuff

2024-03-11 18:23:01 +01:00
parent e40c987cd0
commit 5b838771e3
12 changed files with 226 additions and 19 deletions
--- a/services/ns/secondary-authorative.nix
+++ b/services/ns/secondary-authorative.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+  sops.secrets.ns_xfer_key = {
+    path = "/etc/nsd/xfer.key";
+  };
+  networking.firewall.allowedTCPPorts = [ 8053 ];
+  networking.firewall.allowedUDPPorts = [ 8053 ];
+  services.nsd = {
+    enable = true;
+    port = 8053;
+    ipv6 = false;
+    verbosity = 2;
+    identity = "test.2rjus.net server";
+    interfaces = [ "0.0.0.0" ];
+
+    keys = {
+      "xferkey" = {
+        algorithm = "hmac-sha256";
+        keyFile = "/etc/nsd/xfer.key";
+      };
+    };
+
+    zones = {
+      "test.2rjus.net" = {
+        allowNotify = [ "10.69.13.7 xferkey" ];
+        requestXFR = [ "AXFR 10.69.13.7@8053 xferkey" ];
+        data = builtins.readFile ./zones-test-2rjus-net.conf;
+      };
+    };
+  };
+}