From 617dd624903cdb23951f1484c19bc1574b10fa74 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Sun, 16 Mar 2025 13:22:12 +0100
Subject: ahmed: Add certificates for local DNS
---
hosts/ahmed/local-dns/default.nix | 41 +++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 hosts/ahmed/local-dns/default.nix
(limited to 'hosts/ahmed/local-dns/default.nix')
diff --git a/hosts/ahmed/local-dns/default.nix b/hosts/ahmed/local-dns/default.nix
new file mode 100644
index 0000000..6ac96e9
--- /dev/null
+++ b/hosts/ahmed/local-dns/default.nix
@@ -0,0 +1,41 @@
+# This module sets up local DNS so that services on this host become visible to devices on LAN.
+# The work is split in submodules, coordinated via the options set in this module:
+#
+# - certificates.nix: Get certs for HTTPS (surprisingly hard)
+# - dns-resolver.nix: Make local domains visible to devices
+#
+# See the files for more info on how each part works.
+{lib, ...}: {
+ imports = [
+ ./certificates.nix
+ ./dns-resolver.nix
+ ];
+
+ options = {
+ linus.local-dns = {
+ domain = lib.mkOption {
+ description = ''
+ A (sub)domain we have ownership over.
+
+ To devices using our DNS cache (on port 53), it will look like this
+ computer has the authority over that domain. It should not be used to
+ server anything public, as that would then be overwritten.
+ '';
+ type = lib.types.nonEmptyStr;
+ };
+
+ # TODO: This assumes that all subdomains are located on this host. What about our NAS? Be more flexible.
+ subdomains = lib.mkOption {
+ description = ''
+ List of subdomains that to {option}`domain` which are in use.
+ '';
+ type = with lib.types; listOf nonEmptyStr;
+ default = [];
+ };
+ };
+ };
+
+ config = {
+ linus.local-dns.domain = "rumpenettet.linus.onl";
+ };
+}
--
cgit v1.2.3
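Review bot: `subdomains` and `domain` are typed as plain `nonEmptyStr`, so an entry containing a dot, a `*`, inner whitespace or uppercase letters passes evaluation and presumably flows unchanged into the certificate request and resolver records built by certificates.nix and dns-resolver.nix, which are not part of this diff. Constraining each entry to a single DNS label at the option level would reject such values at evaluation time, e.g. `type = with lib.types; listOf (strMatching "[a-z0-9]([a-z0-9-]*[a-z0-9])?");`, with a comparable hostname pattern for `domain`. The two descriptions also need a wording pass: "server anything public" should read "serve anything public", and the `subdomains` text ("List of subdomains that to ...") is missing a verb. The `domain` description could also state plainly that LAN clients using this resolver receive this host's answers instead of public DNS for the whole zone, since that is the property a later maintainer has to keep in mind before pointing the option at a name that also has public records.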