X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdns.nix;h=1d7fd52fb3fe6e11d27ea801da4f0518ee719069;hb=fa25ffd4583cc362075cd5e1b4130f33306103f0;hp=1149daf6787508f36befea23903b7360774f80e6;hpb=8175055f973b3f6e8a383abcaa42afb22f279e24;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index 1149daf..1d7fd52 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -2,16 +2,25 @@
 {
 options.myServices.dns.enable = lib.mkEnableOption "enable DNS resolver";
 config = let
+ # taken from unstable
+ cartesianProductOfSets = attrsOfLists: with lib;
+ lib.foldl' (listOfAttrs: attrName:
+ concatMap (attrs:
+ map (listValue: attrs // { ${attrName} = listValue; }) attrsOfLists.${attrName}
+ ) listOfAttrs
+ ) [{}] (attrNames attrsOfLists);
 cfg = config.services.bind;
- keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"/var/secrets/bind/${v}.key\";") (builtins.attrNames config.myEnv.dns.keys));
+ keyIncludes = builtins.concatStringsSep "\n" (map (v: "include \"${config.secrets.fullPaths."bind/${v}.key"}\";") (builtins.attrNames config.myEnv.dns.keys));
+ cartProduct = lib.foldr
+ (s: servers: servers // { ${s.masters} = lib.unique ((servers.${s.masters} or []) ++ [s.keys]); })
+ {}
+ (lib.unique (lib.concatMap (z: cartesianProductOfSets { masters = z.masters or []; keys = z.keys or []; }) config.myEnv.dns.slaveZones));
 toKeyList = servers: keys: builtins.concatStringsSep "\n" (map (s: ''
 server ${s} {
 keys { ${builtins.concatStringsSep ";" keys}; };
 };
 '') servers);
- serverIncludes = builtins.concatStringsSep "\n" (map (v:
- lib.optionalString (builtins.length v.keys > 0) (toKeyList (lib.flatten (map (n: builtins.attrValues config.myEnv.dns.ns."${n}") v.masters)) v.keys)
- ) config.myEnv.dns.slaveZones);
+ serverIncludes = builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: toKeyList (lib.flatten (builtins.attrValues config.myEnv.dns.ns."${n}"))) cartProduct);
 configFile = pkgs.writeText "named.conf" ''
 include "/etc/bind/rndc.key";
 controls {
@@ -78,9 +87,8 @@
 networking.firewall.allowedUDPPorts = [ 53 ];
 networking.firewall.allowedTCPPorts = [ 53 ];
 users.users.named.extraGroups = [ "keys" ];
- secrets.keys = lib.mapAttrsToList (k: v:
- {
- dest = "bind/${k}.key";
+ secrets.keys = lib.mapAttrs' (k: v:
+ lib.nameValuePair "bind/${k}.key" {
 permissions = "0400";
 user = "named";
 text = ''
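Review bot: A master shared by slave zones that use different TSIG keys now ends up with a single `server` stanza carrying several names in its `keys { }` clause, because the `cartProduct` fold merges keys per master with `lib.unique ((servers.${s.masters} or []) ++ [s.keys])` and `serverIncludes` hands that whole list to `toKeyList`; as far as I recall, BIND's `server` statement honours only one key even though the grammar accepts several, so the extra keys would silently go unused for the transfer. The removed code emitted one stanza per zone, so this cross-zone merge is new behaviour of the commit. I would fail evaluation rather than emit an ambiguous stanza, e.g. `serverIncludes = builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: keys:` / `assert lib.assertMsg (builtins.length keys <= 1) "dns: master ${n} is referenced with several TSIG keys; BIND uses one key per server";` / `toKeyList (lib.flatten (builtins.attrValues config.myEnv.dns.ns."${n}")) keys) cartProduct);`. The `# taken from unstable` comment could also name the copied attribute (`lib.cartesianProductOfSets`) so the local copy is easy to drop once the pinned nixpkgs provides it.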
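Review bot: The attribute name `"bind/${k}.key"` given to `lib.nameValuePair` is now also the lookup key `config.secrets.fullPaths."bind/${v}.key"` that `keyIncludes` in the first hunk relies on, and nothing in the file ties the two spellings together. A comment on the `lib.nameValuePair` line, such as `# looked up via config.secrets.fullPaths in keyIncludes above; keep both spellings in sync`, would prevent a silent drift where the generated `include` path no longer resolves to a deployed key. The secret body opened by `text = ''` continues outside the hunk.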