rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-25 16:08:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

updates

Browse source
This commit is contained in:
Rouven Seifert 2025-01-13 15:42:20 +01:00
parent 60586106be
commit 3d572d7a38
7 changed files with 62 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

16
hosts/falkenstein/modules/dns/default.nix
View file

@ -96,11 +96,17 @@ in
};
};
};
systemd.services.bind.preStart = ''
# copy the file manually to its destination since signing requires a writable directory
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
'';
systemd.services.bind-zonefile = {
script = ''
# copy the file manually to its destination since signing requires a writable directory
${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
'';
};
systemd.services.bind = {
after = [ "bind-zonefile.service" ];
requires = [ "bind-zonefile.service" ];
};
networking.firewall.extraInputRules = ''
ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"