nix/hosts/prefect/services/nsd/default.nix

{inputs, ...}: let
  dns = inputs.dns.lib;
  provideXFRServers = [
    # Afraid.org FreeDNS
    "69.65.50.192 NOKEY"
    "2001:1850:1:5:800::6b NOKEY"
    # Hurricane Electric Free DNS
    "216.218.133.2 NOKEY"
    "2001:470:600::2 NOKEY"
  ];
  notifyServers = [
    # Afraid.org FreeDNS
    "69.65.50.192 NOKEY"
    # Hurricane Electric Free DNS
    "216.218.130.2 NOKEY"
    "2001:470:100::2 NOKEY"
  ];
in {
  services.nsd = {
    enable = true;
    # Listen on these IPs
    interfaces = [
      "5.161.140.5"
      "2a01:4ff:f0:98bf::1"
    ];
    ipTransparent = true;
    # Identify my nameserver
    identity = "HedgeDNS Authoritative DNS";
    nsid = "ascii_hedgedns";
    # Fork for extra redundency
    serverCount = 4;
    zones = {
      "thehedgehog.me" = {
        # Enable DNSSEC for thehedgehog.me
        ## Disabled until nixpkgs issue #169442 is fixed.
        dnssec = false;
        data = dns.toString "thehedgehog.me" (import ./thehedgehog.me.nix {inherit dns;});
        provideXFR = provideXFRServers;
        notify = notifyServers;
      };
      "yourmother.website" = {
        # Enable DNSSEC for yourmother.website
        ## Disabled until nixpkgs issue #169442 is fixed.
        dnssec = false;
        data = dns.toString "yourmother.website" (import ./yourmother.website.nix {inherit dns;});
        provideXFR = provideXFRServers;
        notify = notifyServers;
      };
      "mrhedgehog.xyz" = {
        # Enable DNSSEC for mrhedgehog.xyz
        ## Disabled until nixpkgs issue #169442 is fixed.
        dnssec = false;
        data = dns.toString "mrhedgehog.xyz" (import ./mrhedgehog.xyz.nix {inherit dns;});
        provideXFR = provideXFRServers;
        notify = notifyServers;
      };
      "mrhedge.me" = {
        # Enable DNSSEC for mrhedge.me
        ## Disabled until nixpkgs issue #169442 is fixed.
        dnssec = false;
        data = dns.toString "mrhedge.me" (import ./mrhedge.me.nix {inherit dns;});
        provideXFR = provideXFRServers;
        notify = notifyServers;
      };
      "pyrox.dev" = {
        # Enable DNSSEC for mrhedge.me
        ## Disabled until nixpkgs issue #169442 is fixed.
        dnssec = false;
        data = dns.toString "pyrox.dev" (import ./pyrox.dev.nix {inherit dns;});
        provideXFR = provideXFRServers;
        notify = notifyServers;
      };
    };
  };
}