networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
users.users.named.extraGroups = [ "keys" ];
- secrets.keys = lib.mapAttrsToList (k: v:
- {
- dest = "bind/${k}.key";
+ secrets.keys = lib.mapAttrs' (k: v:
+ lib.nameValuePair "bind/${k}.key" {
permissions = "0400";
user = "named";
text = ''