initial commit

services/bind/default.nix

@@ -0,0 +1,7 @@
+{
+  imports = [
+    ./firewall.nix
+    ./options.nix
+    ./service.nix
+  ];
+}

services/bind/firewall.nix

@@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.machine.bind;
+in
+with lib; mkIf cfg.enable {
+  networking.firewall = {
+    allowedTCPPorts = [ cfg.port ];
+    allowedUDPPorts = [ cfg.port ];
+  };
+}

services/bind/options.nix

@@ -0,0 +1,25 @@
+{
+  dns,
+  lib,
+  ...
+}:
+with lib;
+{
+  options.machine.bind = {
+    enable = mkEnableOption "Bind Server";
+    domain = mkOption {
+      type = types.str;
+      description = "Domain name";
+    };
+    port = mkOption {
+      type = types.port;
+      default = 53;
+      description = "Port to listen on.";
+    };
+    zones = mkOption {
+      type = types.attrsOf dns.lib.types.zone;
+      default = { };
+      description = "DNS zones";
+    };
+  };
+}

services/bind/service.nix

@@ -0,0 +1,21 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.machine.bind;
+in
+with lib; mkIf cfg.enable {
+  services.bind = {
+    enable = cfg.enable;
+    listenOnPort = cfg.port;
+    zones = {
+      ${cfg.domain} = {
+        master = true;
+        file = pkgs.writeText "zone-${cfg.domain}" (builtins.toString cfg.zones.${cfg.domain});
+      };
+    };
+  };
+}