{ config, lib, globals, dns, ... }: let kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns); in { options.bind9.enable = lib.mkEnableOption "bind9"; config = lib.mkIf config.bind9.enable { kubernetes.resources = { configMaps = { bind9-env.data.TZ = "Europe/Amsterdam"; bind9-config.data = { # TODO: this was copied from nix's generated bind config # Is there a way to generate this without actually running the nixos module? config = '' acl cachenetworks { 127.0.0.0/24; }; acl badnetworks { }; options { listen-on { any; }; listen-on-v6 { any; }; allow-query { cachenetworks; }; blackhole { badnetworks; }; forward first; forwarders { }; directory "/run/named"; pid-file "/run/named/named.pid"; allow-transfer { none; }; allow-recursion { none; }; version none; notify no; }; zone "kun.is" { type master; file "/etc/bind/kun.is.zone"; allow-transfer { }; allow-query { any; }; }; ''; kunis-zone = kunisZone; }; }; deployments.bind9.spec = { selector.matchLabels.app = "bind9"; template = { metadata.labels.app = "bind9"; spec = { containers = { bind9-udp = { image = globals.images.bind9; envFrom = [{configMapRef.name = "bind9-env";}]; ports.dns-udp = { containerPort = 53; protocol = "UDP"; }; volumeMounts = [ { name = "config"; mountPath = "/etc/bind/named.conf"; subPath = "config"; } { name = "config"; mountPath = "/etc/bind/kun.is.zone"; subPath = "kunis-zone"; } ]; }; bind9-tcp = { image = globals.images.bind9; envFrom = [{configMapRef.name = "bind9-env";}]; ports.dns-tcp = { containerPort = 53; protocol = "TCP"; }; volumeMounts = [ { name = "config"; mountPath = "/etc/bind/named.conf"; subPath = "config"; } { name = "config"; mountPath = "/etc/bind/kun.is.zone"; subPath = "kunis-zone"; } ]; }; }; volumes = [ { name = "config"; configMap.name = "bind9-config"; } ]; }; }; }; services = { bind9-udp = { metadata.annotations = { "metallb.universe.tf/loadBalancerIPs" = "${globals.bind9IPv4},${globals.bind9Ipv6}"; "metallb.universe.tf/allow-shared-ip" = "dns"; }; spec = { type = "LoadBalancer"; selector.app = "bind9"; ipFamilies = ["IPv4" "IPv6"]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { port = 53; targetPort = "dns-udp"; protocol = "UDP"; }; }; }; bind9-tcp = { metadata.annotations = { "metallb.universe.tf/loadBalancerIPs" = "${globals.bind9IPv4},${globals.bind9Ipv6}"; "metallb.universe.tf/allow-shared-ip" = "dns"; }; spec = { type = "LoadBalancer"; selector.app = "bind9"; ipFamilies = ["IPv4" "IPv6"]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { port = 53; targetPort = "dns-tcp"; protocol = "TCP"; }; }; }; }; }; }; }