From 94589735dcc11e21e92103b098139cc87f0768da Mon Sep 17 00:00:00 2001
From: derped
Date: Sun, 29 Jan 2023 14:39:14 +0100
Subject: [PATCH] Add bind service.
---
services/bind.nix | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 services/bind.nix
diff --git a/services/bind.nix b/services/bind.nix
new file mode 100644
index 0000000..885e80d
--- /dev/null
+++ b/services/bind.nix
@@ -0,0 +1,29 @@
+# This Configuration is meant for local DNS setups only!
+{ options, config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+ fn = import (../. + (toPath "/fn.nix")) { inherit lib; };
+ cfg = config.machine;
+in mkIf (elem "bind" cfg.services) {
+ services.bind = {
+ enable = true;
+ listenOn = [ "127.0.0.1" ];
+ forwarders = [
+ # Cloudflare CDN
+ "1.1.1.1" "1.0.0.1"
+ #CCC DNS
+ "204.152.184.76" "159.203.38.175" "207.148.83.241"
+ ];
+ # TODO: add DNSSEC
+ extraOptions = ''
+ dnssec-validation auto;
+
+ recursion yes;
+ allow-recursion { 127.0.0.1; };
+ version none;
+ '';
+ };
+}
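Review bot: The `services.bind` block restricts only the IPv4 listener with `listenOn = [ "127.0.0.1" ];`, while the NixOS module's `listenOnIpv6` option defaults, as far as I know, to `[ "any" ]`, so named would still open port 53 on every IPv6 address despite the "local DNS setups only" header. I would add `listenOnIpv6 = [ "::1" ];` and widen the ACL to `allow-recursion { 127.0.0.1; ::1; };` so that loopback clients on either address family are served and nothing else is bound. The three addresses under `#CCC DNS` carry no source or operator reference, and since every query is forwarded to them in plaintext, a comment recording where the list came from and when it was last checked would let a later reader confirm the addresses still belong to the intended resolvers. `dnssec-validation auto;` protects only answers for signed zones, and the `# TODO: add DNSSEC` comment above `extraOptions` now contradicts it and should be dropped or reworded to say what is still missing.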