{ config, ... }: { services.coredns = { enable = true; config = '' .:5454 { bind lo reload 5s tailscale datarift.nl { authkey {$TS_AUTHKEY} fallthrough } forward . 127.0.0.1:5335 log debug errors } .:5455 { bind lo reload 5s file ${./datarift.zone} datarift.nl { reload 10s } forward . 127.0.0.1:5335 log debug errors } ''; }; systemd.services.coredns = { environment = { HOME = "%S/coredns"; }; serviceConfig = { StateDirectory = "coredns"; EnvironmentFile = [ config.sops.secrets.coredns-env.path ]; }; }; }