mochi/nixos/hosts/telperion/config/bind.nix

{ config, ... }:
''
  include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";

  acl trusted {
    10.33.44.0/24;  # LAN
    10.1.1.0/24;    # Servers
    10.1.2.0/24;    # Trusted
    10.1.3.0/24;    # IoT
    10.1.4.0/24;    # Video
  };

  zone "jahanson.tech." {
    type master;
    file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
    journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
    allow-transfer {
      key "externaldns";
    };
    update-policy {
      grant externaldns zonesub ANY;
    };
    allow-query {
      trusted;
    };
  };
''
reformat 2024-12-27 21:30:25 -06:00			`{ config, ... }:`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`''`
reformat 2024-12-27 21:30:25 -06:00			`include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00
reformat 2024-12-27 21:30:25 -06:00			`acl trusted {`
			`10.33.44.0/24; # LAN`
			`10.1.1.0/24; # Servers`
			`10.1.2.0/24; # Trusted`
			`10.1.3.0/24; # IoT`
			`10.1.4.0/24; # Video`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`};`
reformat 2024-12-27 21:30:25 -06:00
			`zone "jahanson.tech." {`
			`type master;`
			`file "${config.sops.secrets."bind/zones/jahanson.tech".path}";`
			`journal "${config.services.bind.directory}/db.jahanson.tech.jnl";`
			`allow-transfer {`
			`key "externaldns";`
			`};`
			`update-policy {`
			`grant externaldns zonesub ANY;`
			`};`
			`allow-query {`
			`trusted;`
			`};`
add bind and onepassword-connect services and enable them on telperion 2024-07-07 12:27:41 -05:00			`};`
reformat 2024-12-27 21:30:25 -06:00			`''`