maxwell/nameserver.nix

{ config, ... }:

# Setup:
# PDNS recursor on port 53
# DNSCrypt wrapper on port 1194
# NCDNS for Namecoin bit. zone resolution

{
  # Recursive DNS resolver
  services.pdns-recursor = {
    enable = true;
    # Configures the bit. zone
    resolveNamecoin = true;
    dns.allowFrom = [ "0.0.0.0/0" ];
  };

  # Wrap the local recursive resolver
  # in DNSCrypt on the default OpenVPN port.
  # This port is chosen because it's usually
  # not blocked in corporate networks.
  services.dnscrypt-wrapper = {
    enable  = true;
    address = "0.0.0.0";
    port    = 1194;
    providerKey.public = config.secrets.dnscrypt.pub;
    providerKey.secret = config.secrets.dnscrypt.sec;
  };

  # Namecoin resolver
  services.ncdns = {
    enable = true;
    # This is currently broken, see ncdns issue:
    # https://github.com/namecoin/ncdns/issues/127
    dnssec.enable = false;
  };

  # Namecoin daemon with RPC server
  services.namecoind = {
    enable = true;
    # This are used by the resolver (ncdns)
    # to query the blockchain.
    rpc.user     = config.secrets.namecoin.user;
    rpc.password = config.secrets.namecoin.password;
  };

}
initial commit 2020-10-20 01:11:28 +02:00			`{ config, ... }:`

			`# Setup:`
			`# PDNS recursor on port 53`
			`# DNSCrypt wrapper on port 1194`
			`# NCDNS for Namecoin bit. zone resolution`

			`{`
			`# Recursive DNS resolver`
			`services.pdns-recursor = {`
			`enable = true;`
			`# Configures the bit. zone`
			`resolveNamecoin = true;`
			`dns.allowFrom = [ "0.0.0.0/0" ];`
			`};`

			`# Wrap the local recursive resolver`
			`# in DNSCrypt on the default OpenVPN port.`
			`# This port is chosen because it's usually`
			`# not blocked in corporate networks.`
			`services.dnscrypt-wrapper = {`
			`enable = true;`
			`address = "0.0.0.0";`
			`port = 1194;`
dnscrypt-wrapper: use secrets-store 2020-10-26 01:58:44 +01:00			`providerKey.public = config.secrets.dnscrypt.pub;`
			`providerKey.secret = config.secrets.dnscrypt.sec;`
initial commit 2020-10-20 01:11:28 +02:00			`};`

			`# Namecoin resolver`
			`services.ncdns = {`
			`enable = true;`
			`# This is currently broken, see ncdns issue:`
			`# https://github.com/namecoin/ncdns/issues/127`
			`dnssec.enable = false;`
			`};`

			`# Namecoin daemon with RPC server`
			`services.namecoind = {`
			`enable = true;`
			`# This are used by the resolver (ncdns)`
			`# to query the blockchain.`
			`rpc.user = config.secrets.namecoin.user;`
			`rpc.password = config.secrets.namecoin.password;`
			`};`

			`}`