nix-config/nixos/telperion/config/bind.nix

{config, ...}: 
''
include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";

acl trusted {
  10.33.44.0/24;  # LAN
  10.1.1.0/24;    # Servers
  10.1.2.0/24;    # Trusted
  10.1.3.0/24;    # IoT
  10.1.4.0/24;    # Video
};

zone "jahanson.tech." {
  type master;
  file "${config.sops.secrets."bind/zones/jahanson.tech".path}";
  journal "${config.services.bind.directory}/db.jahanson.tech.jnl";
  allow-transfer {
    key "externaldns";
  };
  update-policy {
    grant externaldns zonesub ANY;
  };
  allow-query {
    trusted;
  };
};
''
Move config around. 2024-04-29 12:49:18 -05:00			`{config, ...}:`
			`''`
			`include "${config.sops.secrets."bind/rndc-keys/externaldns".path}";`

Trust all of the networks 2024-04-29 13:21:58 -05:00			`acl trusted {`
			`10.33.44.0/24; # LAN`
			`10.1.1.0/24; # Servers`
			`10.1.2.0/24; # Trusted`
			`10.1.3.0/24; # IoT`
			`10.1.4.0/24; # Video`
			`};`

Move config around. 2024-04-29 12:49:18 -05:00			`zone "jahanson.tech." {`
			`type master;`
			`file "${config.sops.secrets."bind/zones/jahanson.tech".path}";`
			`journal "${config.services.bind.directory}/db.jahanson.tech.jnl";`
			`allow-transfer {`
			`key "externaldns";`
			`};`
			`update-policy {`
			`grant externaldns zonesub ANY;`
			`};`
add trusted acl to allow-query. 2024-04-29 13:27:49 -05:00			`allow-query {`
			`trusted;`
			`};`
Move config around. 2024-04-29 12:49:18 -05:00			`};`
			`''`