111 lines
3.4 KiB
Nix
111 lines
3.4 KiB
Nix
Service "BIND: DNS-Server"
|
|
{
|
|
configuration
|
|
= { core, network, ... }:
|
|
let
|
|
inherit(core) list string;
|
|
inherit(network) domain hostName ips peers tcp;
|
|
inherit(tcp) ports;
|
|
|
|
hostDomain = "${hostName}.${domain}";
|
|
master = true;
|
|
masters = [ ];
|
|
/*domainList
|
|
= [
|
|
domain
|
|
hostDomain
|
|
"blog.${domain}"
|
|
"git.${domain}"
|
|
"grafana.${domain}"
|
|
"prometheus.${domain}"
|
|
"static.${domain}"
|
|
];
|
|
systemdAfterList
|
|
= list.mapValuesToSet
|
|
(
|
|
domain:
|
|
{
|
|
name = "$acme-{domain}";
|
|
value = { after = [ "bind.service" ]; };
|
|
}
|
|
)
|
|
domainList;*/
|
|
ipsFromPeer
|
|
= list.concatMap
|
|
({ network, ... }: network.ips);
|
|
allowedIPs
|
|
= string.concatMappedLines
|
|
(ip: "allow ${ip};")
|
|
ips;
|
|
extraConfig
|
|
= ''
|
|
${allowedIPs}
|
|
deny all;
|
|
'';
|
|
in
|
|
{
|
|
bind
|
|
= {
|
|
enable = true;
|
|
forwarders
|
|
= ipsFromPeer
|
|
(
|
|
list.filter
|
|
({ type ? {}, ... }: type.dns-forwarder or false)
|
|
peers
|
|
);
|
|
cacheNetworks
|
|
= [
|
|
"127.0.0.0/8"
|
|
"::/64"
|
|
];
|
|
zones
|
|
= [
|
|
{
|
|
name = domain;
|
|
# TODO: Generate Zone-File
|
|
file = "${./zones}/${domain}";
|
|
inherit master masters;
|
|
slaves
|
|
= ipsFromPeer
|
|
(
|
|
list.filter
|
|
({ type, ... }: type.dns-secondary or false)
|
|
peers
|
|
);
|
|
}
|
|
];
|
|
};
|
|
|
|
nginx.virtualHosts.${hostDomain}.locations."/metrics/bind"
|
|
= {
|
|
inherit extraConfig;
|
|
proxyPass = "http://localhost:${string ports.exporters.bind}/metrics";
|
|
};
|
|
|
|
prometheus
|
|
= {
|
|
exporters.bind
|
|
= {
|
|
enable = true;
|
|
port = ports.exporters.bind;
|
|
};
|
|
scrapeConfigs
|
|
= [
|
|
{
|
|
job_name = "bind";
|
|
metrics_path = "/metrics/bind";
|
|
scheme = "https";
|
|
scrape_interval = "30s";
|
|
static_configs
|
|
= [
|
|
{
|
|
targets = [ hostDomain ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
}
|