nixos-config/machines/valkyrie/coredns/default.nix

{ config, ... }:
{
  services.coredns = {
    enable = true;

    extraArgs = [ "-quiet" ];

    config = ''
      .:5454 {
        bind lo
        reload 5s
        file /etc/coredns/tailscale.zone datarift.nl {
          reload 10s
        }
        forward . 1.1.1.1
        log
        debug
        errors
      }

      .:5455 {
        bind lo
        reload 5s
        file /etc/coredns/datarift.zone datarift.nl {
          reload 10s
        }
        forward . 1.1.1.1
        log
        debug
        errors
      }
    '';
  };

  environment.etc = {
    "coredns/datarift.zone" = {
      source = ./datarift.zone;
      mode = "0644";
    };
    "coredns/tailscale.zone" = {
      source = ./tailscale.zone;
      mode = "0644";
    };
  };

  systemd.services.coredns = {
    environment = {
      HOME = "%S/coredns";
    };
    serviceConfig = {
      StateDirectory = "coredns";
      EnvironmentFile = [ config.sops.secrets.coredns-env.path ];
    };
  };
}