From c9902bebc2d38c95cb4c00914d20fb4bcd862b24 Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Mon, 29 Apr 2024 09:23:51 -0500
Subject: [PATCH] Decrypt rndc keys for telperion.
---
 nixos/telperion/configuration.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/nixos/telperion/configuration.nix b/nixos/telperion/configuration.nix
index 4581445..f2bbc80 100644
--- a/nixos/telperion/configuration.nix
+++ b/nixos/telperion/configuration.nix
@@ -10,6 +10,15 @@
 ./hardware-configuration.nix
 ];
 
+ sops = {
+ # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
+ secrets = {
+ "rndc_keys" = {
+ # owner = config.users.users
+ };
+ };
+ };
+
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
@@ -41,6 +50,11 @@
 wget
 ];
 
+ services.bind = {
+ enable = true;
+
+ };
+
 # Some programs need SUID wrappers, can be configured further or are
 # started in user sessions.
 programs.mtr.enable = true;
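Review bot: In the `@@ -10,6 +10,15 @@` hunk the `rndc_keys` secret keeps the sops-nix defaults (root-owned, as the added comment says) while `# owner = config.users.users` is a commented-out, unfinished expression, so a BIND daemon running under an unprivileged account would not be able to read `/run/secrets/rndc_keys`. If the key is meant for the service enabled in the second hunk, set the owner explicitly, e.g. `owner = config.users.users.named.name;` (assuming the `named` account of the NixOS BIND module; confirm), and leave the mode at the default `0400` rather than widening it. Adding `restartUnits = [ "bind.service" ];` would make a rotated key take effect, and the comment is more accurate with "decrypted" than "unencrypted". Whether a `sopsFile` or `defaultSopsFile` is configured is not visible in this hunk.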
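Review bot: The `services.bind` block in the `@@ -41,6 +50,11 @@` hunk enables the daemon but never references the decrypted key, so as written the secret from the first hunk is placed on disk without any consumer. If the file holds `key { … }` statements, include it by path so the key material stays out of the world-readable Nix store, e.g. `extraConfig = ''include "${config.sops.secrets.rndc_keys.path}";'';` (this assumes `config` is a module argument; the file header is outside the hunk). With only `enable = true` the module defaults decide which addresses named binds to and who may query it, so set `listenOn`/`listenOnIpv6` and `cacheNetworks` explicitly and check the firewall rules for port 53 rather than relying on those defaults.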