Decrypt rndc keys for telperion.

nixos/telperion/configuration.nix

@@ -10,6 +10,15 @@
       ./hardware-configuration.nix
     ];
 
+  sops = {
+    # Mounts unencrypted sops values at /run/secrets/rndc_keys accessible by root only by default.
+    secrets = {
+      "rndc_keys" = {
+        # owner = config.users.users
+      };
+    };
+  };
+
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
@@ -41,6 +50,11 @@
     wget
   ];
 
+  services.bind = {
+    enable = true;
+
+  };
+
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   programs.mtr.enable = true;