) listOfAttrs
) [{}] (attrNames attrsOfLists);
cfg = config.services.bind;
- keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"/var/secrets/bind/${v}.key\";") (builtins.attrNames config.myEnv.dns.keys));
+ keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"${config.secrets.fullPaths."bind/${v}.key"}\";") (builtins.attrNames config.myEnv.dns.keys));
cartProduct = lib.foldr
(s: servers: servers // { ${s.masters} = lib.unique ((servers.${s.masters} or []) ++ [s.keys]); })
{}
${cfg.extraConfig}
${ lib.concatMapStrings
- ({ name, file, master ? true, extra ? "", slaves ? [], masters ? [] }:
+ ({ name, file, master ? true, extraConfig ? "", slaves ? [], masters ? [] }:
''
zone "${name}" {
type ${if master then "master" else "slave"};
};
'' else ""}
allow-query { any; };
- ${extra}
+ ${extraConfig}
};
'')
- cfg.zones }
+ (builtins.attrValues cfg.zones) }
'';
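Review bot: The rendered `zone "${name}"` line (L14) still takes the zone name from each value's `name` attribute, while the new `(builtins.attrValues cfg.zones)` on L24 discards the attrset key, so a key and its `zone.name` can silently disagree. If `cfg.zones` is meant to be keyed by zone name, `lib.mapAttrsToList (name: zone: renderZone (zone // { inherit name; }))` or an `assert` that the key equals `zone.name` would keep the two in step; if the keys are arbitrary labels, the current form is fine and a one-line comment saying so would help the next reader. The `extraConfig` parameter introduced on L12 is fed from `conf.extra` in the hunk ending at L66, so both spellings now coexist in the file. The string that this `''` closes begins outside the hunk.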
mxes = lib.attrsets.filterAttrs
(n: v: v.mx.enable)
config.myEnv.servers;
ip4mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
- (n: v: "${v.mx.subdomain} IN A ${v.ips.main.ip4}")
+ (n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN A ${i}") v.ips.main.ip4))
mxes);
ip6mxes = builtins.concatStringsSep "\n" (lib.mapAttrsToList
(n: v: builtins.concatStringsSep "\n" (map (i: "${v.mx.subdomain} IN AAAA ${i}") v.ips.main.ip6))
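Review bot: The `ip4mxes` and `ip6mxes` lambdas on L31 and L34 now differ only in the record type, and the same shape is repeated for the mta-sts records on L71–L72, so the record format lives in four places. A small helper such as `mkRecords = rtype: owner: ips: builtins.concatStringsSep "\n" (map (i: "${owner} IN ${rtype} ${i}") ips);` used as `mkRecords "A" v.mx.subdomain v.ips.main.ip4` would remove the copies without changing the generated zone text. This is a point of style only. The binding block these definitions belong to starts outside the hunk.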
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
users.users.named.extraGroups = [ "keys" ];
- secrets.keys = lib.mapAttrsToList (k: v:
- {
- dest = "bind/${k}.key";
+ secrets.keys = lib.mapAttrs' (k: v:
+ lib.nameValuePair "bind/${k}.key" {
permissions = "0400";
user = "named";
text = ''
allow-recursion { 127.0.0.1; };
allow-transfer { none; };
- notify-source ${config.myEnv.servers.eldiron.ips.main.ip4};
+ notify-source ${lib.head config.myEnv.servers.eldiron.ips.main.ip4};
notify-source-v6 ${lib.head config.myEnv.servers.eldiron.ips.main.ip6};
version none;
hostname none;
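Review bot: `lib.head config.myEnv.servers.eldiron.ips.main.ip4` on the added `notify-source` line aborts evaluation with a list-index error when the address list is empty, and the existing `notify-source-v6` line on L50 has the same shape, so a host configured with only one address family can no longer evaluate this module. Guarding each line, e.g. `${lib.optionalString (config.myEnv.servers.eldiron.ips.main.ip4 != []) "notify-source ${lib.head config.myEnv.servers.eldiron.ips.main.ip4};"}`, leaves the directive out instead of failing the build. Picking the first list entry as the source address is an implicit policy; a comment such as `# notify-source must be one of this host's own addresses; the first configured one is used` would make it explicit for whoever reorders the address list. The options block this text belongs to starts and ends outside the hunk.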
masters = if lib.attrsets.hasAttr "masters" conf
then lib.lists.flatten (map (n: lib.attrsets.attrValues ns.${n}) conf.masters)
else [];
+ slaves = [];
}) slaveZones)
++ (map (conf: {
name = conf.name;
master = true;
- extra = if lib.attrsets.hasAttr "extra" conf then conf.extra else "";
+ extraConfig = if lib.attrsets.hasAttr "extra" conf then conf.extra else "";
+ masters = [];
slaves = if lib.attrsets.hasAttr "slaves" conf
then lib.lists.flatten (map (n: lib.attrsets.attrValues ns.${n}) conf.slaves)
else [];
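Review bot: `if lib.attrsets.hasAttr "extra" conf then conf.extra else ""` on the new `extraConfig` line is the long form of `conf.extra or ""`, and the added `masters = []` / `slaves = []` duplicate the defaults the zone renderer already declares (`slaves ? [], masters ? []` on L12), so one of the two is redundant. If another consumer reads `.masters`/`.slaves` without defaults (the `slaveZones` computation is outside the hunk), keep the literals and add a one-line comment saying which consumer needs them; otherwise `extraConfig = conf.extra or "";` and dropping the two empty lists is enough. The input key stays `extra` while the output key becomes `extraConfig`; if `conf` comes from this module's own option schema, renaming it too avoids carrying both spellings. The `map (conf: { ... })` body continues past the end of the hunk.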
; https://support.google.com/a/answer/9261504
_mta-sts${suffix} IN TXT "v=STSv1;id=20200109150200Z"
_smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
- mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
+ ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN A ${i}") config.myEnv.servers.eldiron.ips.main.ip4)}
${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
; Mail sender authentications