# NixOS module: runs the PowerDNS authoritative server for `domain` as a
# podman (oci-containers) container, backed by a PostgreSQL database that is
# reached over the host's loopback interface.  The container is started with
# host networking, so nothing below maps ports or configures a podman network;
# the earlier bridged-network / nftables DNAT design is kept only as commented
# history.
{ config, pkgs, lib, ... }:
let
  domain = "hexname.com";
  # Container address from the former bridged-network design; only referenced
  # by the commented-out nftables DNAT rules at the bottom.
  # pdnsIp = "10.89.0.53";
in
{
  virtualisation.oci-containers.containers = {
    hexname-powerdns = {
      # NOTE(review): `:latest` is a floating tag, so each pull may fetch a
      # different image and the deployment is not reproducible.  Pinning by
      # digest (`pschiffe/pdns-pgsql@sha256:<DIGEST-PLACEHOLDER>`) or at
      # least by version tag makes the running image auditable.
      image = "pschiffe/pdns-pgsql:latest";
      hostname = "ns1.${domain}";
      # Port mapping is unnecessary with --network=host (see extraOptions).
      # ports = [
      #   "127.0.0.1:8081:8081/tcp"
      # ];
      # networks = [ "hexname-net" ];
      volumes = [ "/etc/localtime:/etc/localtime:ro" ];
      # Secrets live in this file rather than in `environment` below: the
      # commented PDNS_gpgsql_password / PDNS_api_key lines indicate it is
      # where the DB password and API key are set.  Values in `environment`
      # end up in the generated systemd unit in the Nix store (world-readable),
      # so keep credentials here — and keep the file root-only readable
      # (permissions are not managed by this module; verify on the host).
      environmentFiles = [ "/etc/env/hexname/powerdns.env" ];
      # PDNS_<name> variables map to pdns.conf settings (with `-` as `_`) in
      # the pschiffe image; the values are pdns settings, not NixOS options.
      environment = {
        # PDNS_primary = "yes";
        # REST API on; with api=yes PowerDNS also brings up its HTTP listener,
        # which the webserver_* settings below confine to loopback.
        PDNS_api = "yes";
        # Refuse AXFR zone transfers by default (prevents full-zone dumps /
        # enumeration by arbitrary clients); secondaries would need an
        # explicit allow-axfr-ips setting.
        PDNS_disable_axfr = "yes";
        #PDNS_webserver = "yes";
        # API / webserver bound to loopback only; reachable from the host
        # because the container shares the host network namespace.
        PDNS_webserver_address = "127.0.0.1";
        PDNS_webserver_port = "8081";
        # Binds 0.0.0.0:53 in the HOST namespace (IPv4 only, no IPv6 listener);
        # this is the public authoritative listener opened by the firewall
        # rules at the end of the module.
        PDNS_local_address = "0.0.0.0:53";
        # NOTE(review): "127.0.0.1/24" is a non-canonical prefix (effectively
        # 127.0.0.0/24).  Harmless given the loopback bind above, but
        # "127.0.0.1/32" (or "127.0.0.0/8") is the usual, clearer spelling.
        PDNS_webserver_allow_from = "127.0.0.1/24";
        # Hides the real version from version.bind/version.pdns queries to
        # reduce fingerprinting.
        PDNS_version_string = "anonymous";
        PDNS_default_ttl = "3600";
        # Set in the environment file above, not here:
        # PDNS_gpgsql_password=...
        # PDNS_api_key=...
        # PostgreSQL is addressed over host loopback; this only works because
        # of --network=host and presumes Postgres listens on 127.0.0.1:5432
        # on the host (defined elsewhere — not visible in this module).
        PDNS_gpgsql_host = "127.0.0.1";
        PDNS_gpgsql_port = "5432";
        PDNS_gpgsql_dbname = "powerdns";
        PDNS_gpgsql_user = "powerdns";
        # Backend keeps DNSSEC metadata/keys in the database.
        PDNS_gpgsql_dnssec = "yes";
      };
      # Container shares the host's network namespace: no network isolation
      # between the DNS daemon and the host, but port 53/8081 and the loopback
      # DB connection work without port mapping or DNAT.  This is a deliberate
      # trade of isolation for simplicity; keep the loopback-only webserver
      # settings above in mind when touching it.
      extraOptions = [ "--network=host" ];
      # NOTE(review): with this commented out there is no start ordering
      # against the Postgres container, so pdns may come up before its DB is
      # reachable (behaviour then depends on the image's retry handling).
      # dependsOn = [ "hexname-postgres" ];
    };
  };

  # Former bridged-network setup (superseded by --network=host).
  # systemd.services.podman-network-hexname = {
  #   description = "Podman network for HexName/PowerDNS";
  #   after = [ "podman.service" ];
  #   wantedBy = [ "multi-user.target" "podman-hexname-postgres.target" "podman-hexname-powerdns.target" ];
  #   serviceConfig.Type = "oneshot";
  #   path = [ pkgs.podman ] ;
  #   script = ''
  #     podman network inspect hexname-net >/dev/null 2>&1 || \
  #       podman network create hexname-net --subnet 10.89.0.0/24
  #   '';
  # };

  # Bind port 53 and send all requests to the container
  # (former DNAT approach; not needed while the container uses host networking)
  # networking.nftables.enable = true;
  # networking.nftables.tables.dns = {
  #   family = "inet";
  #   content = ''
  #     chain prerouting {
  #       type nat hook prerouting priority -100;
  #       udp dport 53 dnat ip to ${pdnsIp}:53
  #       tcp dport 53 dnat ip to ${pdnsIp}:53
  #     }
  #     chain postrouting {
  #       type nat hook postrouting priority 100;
  #       ip saddr 10.89.0.0/24 masquerade
  #     }
  #   '';
  # };

  # Expose the authoritative listener (PDNS_local_address above) to the world;
  # the API port 8081 is intentionally NOT opened.
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];
}