nsd: enable remote-control

2023-08-07 01:23:41 +03:00 · 2023-08-07 01:23:41 +03:00 · a8bf8d7504
commit a8bf8d7504
parent 275c4ee8ca
1 changed files with 18 additions and 3 deletions
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@ -172,6 +172,7 @@

    nsd = {
      enable = true;
+      remoteControl.enable = true;
      interfaces = ["0.0.0.0" "::"];
      zones = {
        "jakstys.lt.".data = myData.jakstysLTZone;
@ -179,13 +180,27 @@
          $ORIGIN _acme-endpoint.grafana.jakstys.lt.
          $TTL 60
          @      SOA   _acme-endpoint.grafana.jakstys.lt. motiejus.jakstys.lt. (2023080702 600 600 600 600)
-          @      TXT   foo2
+          @      TXT   foo3
          ns      NS   ${myData.hosts."vno1-oh2.servers.jakst".publicIP}
        '';
      };
    };
  };

+  systemd.services.nsd-control-setup = {
+    requiredBy = ["nsd.service"];
+    before = ["nsd.service"];
+    unitConfig = {
+      ConditionPathExists = "!/etc/nsd/nsd_control.key";
+    };
+    serviceConfig = {
+      Type = "oneshot";
+      UMask = 0077;
+    };
+    path = [pkgs.nsd pkgs.openssl];
+    script = ''nsd-control-setup'';
+  };
+
  networking = {
    hostId = "f9117e1b";
    hostName = "vno1-oh2";
@ -199,8 +214,8 @@
      }
    ];
    firewall = {
-      allowedUDPPorts = [ 53 ];
-      allowedTCPPorts = [ 53 ];
+      allowedUDPPorts = [53];
+      allowedTCPPorts = [53];
      logRefusedConnections = false;
      checkReversePath = "loose"; # for tailscale
    };