# NixOS host module: static management address plus a Knot DNS server that is
# authoritative for the single zone noc.eh22.intern.
{
  pkgs,
  lib,
  ...
}:
let
  # One attribute per entry of ../data/zones, each pointing at that entry's path.
  # readDir lists every entry (files and directories alike); the entry type is
  # not looked at here.
  zoneSources = lib.mapAttrs (name: _fileType: ../data/zones/${name}) (
    builtins.readDir ../data/zones
  );

  # Knot configuration, rendered into the Nix store.
  # - The store is world-readable on the host: keep TSIG keys and other secrets
  #   out of this text (services.knot.keyFiles exists for that purpose).
  # - Both listen lines bind the wildcard address, so the daemon answers on
  #   every interface the host has, not only the management network.
  # - Per the Knot documentation, `zonefile-load: difference-no-serial` needs
  #   `journal-content: all`, which is why the two are set together.
  # - No `acl`/`remote` sections are present, so nothing here grants zone
  #   transfer, notify or update rights.
  # NOTE(review): /etc/knot/zones is populated from the read-only Nix store
  # (see environment.etc below); confirm Knot is never expected to write the
  # zone file back to that directory in this setup.
  knotConfigFile = pkgs.writeText "knot.conf" ''
    server:
      listen: 0.0.0.0@53
      listen: ::@53

    log:
      - target: syslog
        any: info

    template:
      - id: default
        storage: /etc/knot/zones
        zonefile-load: difference-no-serial
        semantic-checks: "on"
        journal-content: all

    zone:
      - domain: noc.eh22.intern
  '';
in
{
  imports = [ ];

  # Static addressing through systemd-networkd; DHCP is off, so the interface
  # only comes up when the MAC address below matches the actual NIC.
  networking.useDHCP = false;
  systemd.network.enable = true;
  systemd.network.networks."10-mgmtNet" = {
    matchConfig = {
      MACAddress = "bc:24:11:c1:8a:a4";
    };
    address = [ "10.20.25.3/24" ];
    gateway = [ "10.20.25.2" ];
  };

  # Authoritative Knot DNS server.
  # ref: https://search.nüschtos.de/?query=services.knot
  #      https://www.knot-dns.cz/docs/3.4/html/configuration.html
  #
  # Every entry found in ../data/zones is published under the SAME target path,
  # /etc/knot/zones/noc.eh22.intern.zone.
  # NOTE(review): this only does what it looks like while the directory holds
  # exactly one entry; with more than one, the names collide and only one of
  # them ends up at the target path. Confirm the directory layout.
  environment.etc = lib.mapAttrs' (
    _entryName: zoneFile: lib.nameValuePair "knot/zones/noc.eh22.intern.zone" { source = zoneFile; }
  ) zoneSources;

  # settingsFile hands Knot the pre-rendered file above instead of generating
  # one from structured module options.
  services.knot.enable = true;
  services.knot.settingsFile = knotConfigFile;

  # DNS over TCP and UDP. These are the global firewall lists, so port 53 is
  # opened on every interface; if the host ever gains an interface outside the
  # management network, narrow this with networking.firewall.interfaces.<name>.
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];

  # DO NOT CHANGE
  # Records the first NixOS release installed on this machine so that programs
  # with non-migratable data files stay compatible.
  home-manager.users.noc.home.stateVersion = "24.11";
  system.stateVersion = "24.11";
}