🔍 coredns updates

hosts/plato/configuration.nix

@@ -27,8 +27,6 @@ in {
   networking.useDHCP = false;
   networking.interfaces.enp10s0.useDHCP = true;
   networking.interfaces.enp9s0.useDHCP = true;
-  networking.nameservers = [ "100.111.208.75" "1.1.1.1" ];
-  networking.search = [ "walkah.lab" ];
 
   security.sudo.wheelNeedsPassword = false;
 
@@ -82,6 +80,8 @@ in {
   # Or disable the firewall altogether.
   networking.firewall.enable = false;
 
+  walkah.coredns = { enable = true; };
+
   services = {
     grafana = {
       enable = true;
@@ -136,6 +136,4 @@ in {
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "20.09"; # Did you read the comment?
-
 }
-

hosts/socrates/configuration.nix

@@ -9,6 +9,7 @@ in {
     ./networking.nix # generated at runtime by nixos-infect
     <home-manager/nixos>
 
+    ../../modules/coredns
     ../../modules/matrix/nginx.nix
   ];
 
@@ -20,8 +21,6 @@ in {
   networking.hostName = "socrates";
   networking.firewall.allowPing = true;
   networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.nameservers = [ "100.111.208.75" "1.1.1.1" ];
-  networking.search = [ "walkah.lab" ];
 
   security.sudo.wheelNeedsPassword = false;
 
@@ -50,6 +49,11 @@ in {
   security.acme.acceptTerms = true;
   security.acme.email = "walkah@walkah.net";
 
+  walkah.coredns = {
+    enable = true;
+    addr = "100.103.57.96";
+  };
+
   services = {
     nginx = {
       enable = true;

modules/coredns/default.nix

@@ -1,23 +1,43 @@
 { config, lib, pkgs, ... }:
+with lib;
 
-{
+let cfg = config.walkah.coredns;
-  services.coredns = {
+in {
-    enable = true;
+  options.walkah.coredns = {
-    config = ''
+    enable = mkEnableOption "";
-      . {
+    addr = mkOption {
-        log
+      type = types.str;
-        errors
+      default = "0.0.0.0";
-        cache
+      example = "192.168.6.1";
-        dnssec
+    };
-        prometheus 0.0.0.0:9153
+  };
-        forward . tls://1.1.1.1 tls://1.0.0.1 {
+
-          tls_servername cloudflare-dns.com
+  config = mkIf cfg.enable {
+    services.coredns = {
+      enable = true;
+      config = ''
+        . {
+          bind ${cfg.addr}
+          prometheus ${cfg.addr}:9153
+          log
+          errors
+          cache
+          dnssec
+          forward . tls://1.1.1.1 tls://1.0.0.1 {
+            tls_servername cloudflare-dns.com
+          }
         }
-      }
 
-      walkah.lab {
+        walkah.lab {
-        file ${./walkah.lab.zone}
+          bind ${cfg.addr}
-      }
+          file ${./walkah.lab.zone}
-    '';
+        }
+      '';
+    };
+
+    networking = {
+      nameservers = [ "100.111.208.75" "100.103.57.96" ];
+      search = [ "walkah.lab" ];
+    };
   };
 }

modules/coredns/walkah.lab.zone

@@ -1,6 +1,6 @@
 $ORIGIN walkah.lab.
 @       3600 IN SOA plato.walkah.lab. walkah.walkah.net. (
-        2020042900 ; serial
+        2021070700 ; serial
         7200       ; refresh (2 hours)
         3600       ; retry (1 hour)
         1209600    ; expire (2 weeks)
@@ -15,5 +15,5 @@ form            IN A    100.87.220.71
 matter          IN A    100.126.255.109
 purpose         IN A    100.74.59.80
 
-parthenon       IN A    100.73.24.17
+parthenon       IN A    100.106.65.40
 epicurus        IN A    100.66.26.116