maxwell/nameserver.nix

{ config, lib, ... }:

# Setup:
# pdns-recursor on localhost:54
# dnsdist on port 53 (DNS)
# ncdns for Namecoin bit. zone resolution

{
  # Recursive DNS resolver
  services.pdns-recursor =
    { enable = true;
      # Configures the bit. zone
      resolveNamecoin = true;
      dns.port = 54;
    };

  # Public DNS resolver
  services.dnsdist =
    { enable = true;
      extraConfig = ''
        -- Listen on IPv6 and IPv4
        setLocal("[::]:53"); addLocal("0.0.0.0:53")

        -- Allow everything
        setACL({"0.0.0.0/0", "::/0"})

        -- Set upstream resolver
        newServer({address="[::1]:54", name="pdns"})
      '';
    };

  # Namecoin resolver
  services.ncdns =
    { enable = true;
      # This is currently broken, see ncdns issue:
      # https://github.com/namecoin/ncdns/issues/127
      dnssec.enable = false;
    };

  # Namecoin daemon with RPC server
  services.namecoind =
    { enable = true;
      # This are used by the resolver (ncdns)
      # to query the blockchain.
      rpc.user     = config.secrets.namecoin.user;
      rpc.password = config.secrets.namecoin.password;
    };

  users.users.namecoin.group = "namecoin";

}
move dnscrypt to port 443 2023-08-15 16:21:59 +02:00			`{ config, lib, ... }:`
initial commit 2020-10-20 01:11:28 +02:00
			`# Setup:`
replace DNSCrypt for DNS in IPsec transport 2024-07-23 00:11:46 +02:00			`# pdns-recursor on localhost:54`
			`# dnsdist on port 53 (DNS)`
replace dnscrypt-wrapper with dnsdist 2024-07-04 11:21:51 +02:00			`# ncdns for Namecoin bit. zone resolution`
initial commit 2020-10-20 01:11:28 +02:00
			`{`
			`# Recursive DNS resolver`
move dnscrypt to port 443 2023-08-15 16:21:59 +02:00			`services.pdns-recursor =`
			`{ enable = true;`
			`# Configures the bit. zone`
			`resolveNamecoin = true;`
replace DNSCrypt for DNS in IPsec transport 2024-07-23 00:11:46 +02:00			`dns.port = 54;`
move dnscrypt to port 443 2023-08-15 16:21:59 +02:00			`};`
initial commit 2020-10-20 01:11:28 +02:00
replace dnscrypt-wrapper with dnsdist 2024-07-04 11:21:51 +02:00			`# Public DNS resolver`
			`services.dnsdist =`
			`{ enable = true;`
			`extraConfig = ''`
			`-- Listen on IPv6 and IPv4`
			`setLocal("[::]:53"); addLocal("0.0.0.0:53")`

			`-- Allow everything`
			`setACL({"0.0.0.0/0", "::/0"})`

			`-- Set upstream resolver`
replace DNSCrypt for DNS in IPsec transport 2024-07-23 00:11:46 +02:00			`newServer({address="[::1]:54", name="pdns"})`
replace dnscrypt-wrapper with dnsdist 2024-07-04 11:21:51 +02:00			`'';`
			`};`

initial commit 2020-10-20 01:11:28 +02:00			`# Namecoin resolver`
move dnscrypt to port 443 2023-08-15 16:21:59 +02:00			`services.ncdns =`
			`{ enable = true;`
			`# This is currently broken, see ncdns issue:`
			`# https://github.com/namecoin/ncdns/issues/127`
			`dnssec.enable = false;`
			`};`
initial commit 2020-10-20 01:11:28 +02:00
			`# Namecoin daemon with RPC server`
move dnscrypt to port 443 2023-08-15 16:21:59 +02:00			`services.namecoind =`
			`{ enable = true;`
			`# This are used by the resolver (ncdns)`
			`# to query the blockchain.`
			`rpc.user = config.secrets.namecoin.user;`
			`rpc.password = config.secrets.namecoin.password;`
			`};`
initial commit 2020-10-20 01:11:28 +02:00
fix namecoin module bug 2021-12-21 00:31:25 +01:00			`users.users.namecoin.group = "namecoin";`

initial commit 2020-10-20 01:11:28 +02:00			`}`