2283ee602a
This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf>
28 lines
640 B
Nix
28 lines
640 B
Nix
{ config, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
dns = import (builtins.fetchTarball "https://github.com/kirelagin/dns.nix/archive/master.tar.gz");
|
|
my = config.my;
|
|
in
|
|
{
|
|
services.unbound = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
access-control = [ "127.0.0.0/8 allow" "::1/128 allow" ] ++ map (v: "${v} allow") my.privateRanges;
|
|
interface = [ "127.0.0.1" ] ++ my.ipv4;
|
|
};
|
|
};
|
|
};
|
|
services.nsd = {
|
|
enable = true;
|
|
interfaces = my.ipv6.standard;
|
|
zones = {
|
|
${my.subZone} = {
|
|
data = dns.lib.toString my.subZone (import ./subZone.nix { inherit dns config; });
|
|
};
|
|
};
|
|
};
|
|
}
|