args@{ config, lib, meta, name, sources, ... }: let inherit (lib) mkEnableOption mkIf; dns = import sources."dns.nix"; cfg = config.dgn-dns; in { options.dgn-dns = { enable = mkEnableOption "an authoritative dns service on this server."; }; config = mkIf cfg.enable { services.nsd = { enable = true; interfaces = meta.network.${name}.addresses.public; zones = import ./zones (args // { inherit dns; }); }; networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; }; }; }