Add bind service.
This commit is contained in:
parent
97cfcc7957
commit
94589735dc
GPG key ID:
C0F1D326C7626543
1 changed files with 29 additions and 0 deletions
29
services/bind.nix
Normal file
29
services/bind.nix
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
# This Configuration is meant for local DNS setups only!
|
||||||
|
{ options, config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with builtins;
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
fn = import (../. + (toPath "/fn.nix")) { inherit lib; };
|
||||||
|
cfg = config.machine;
|
||||||
|
in mkIf (elem "bind" cfg.services) {
|
||||||
|
services.bind = {
|
||||||
|
enable = true;
|
||||||
|
listenOn = [ "127.0.0.1" ];
|
||||||
|
forwarders = [
|
||||||
|
# Cloudflare CDN
|
||||||
|
"1.1.1.1" "1.0.0.1"
|
||||||
|
#CCC DNS
|
||||||
|
"204.152.184.76" "159.203.38.175" "207.148.83.241"
|
||||||
|
];
|
||||||
|
# TODO: add DNSSEC
|
||||||
|
extraOptions = ''
|
||||||
|
dnssec-validation auto;
|
||||||
|
|
||||||
|
recursion yes;
|
||||||
|
allow-recursion { 127.0.0.1; };
|
||||||
|
version none;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in a new issue