From c294e159e2a2fed0b1265aff92e18ea3e7007f5b Mon Sep 17 00:00:00 2001
From: Tibo De Peuter
Date: Mon, 26 May 2025 22:38:29 +0200
Subject: [PATCH] feat: Basic recursive dns
---
 modules/apps/bind9/db.depeuter.dev | 16 ++++++++
 modules/apps/bind9/default.nix | 54 +++++++++++++++++++++++++++
 modules/apps/bind9/named.conf | 2 +
 modules/apps/bind9/named.conf.local | 4 ++
 modules/apps/bind9/named.conf.options | 35 +++++++++++++++++
 modules/apps/default.nix | 1 +
 6 files changed, 112 insertions(+)
 create mode 100644 modules/apps/bind9/db.depeuter.dev
 create mode 100644 modules/apps/bind9/default.nix
 create mode 100644 modules/apps/bind9/named.conf
 create mode 100644 modules/apps/bind9/named.conf.local
 create mode 100644 modules/apps/bind9/named.conf.options
diff --git a/modules/apps/bind9/db.depeuter.dev b/modules/apps/bind9/db.depeuter.dev
new file mode 100644
index 0000000..fbd06c3
--- /dev/null
+++ b/modules/apps/bind9/db.depeuter.dev
@@ -0,0 +1,16 @@
+$TTL 604800
+@ IN SOA ns1.depeuter.dev. admin.depeuter.dev. (
+ 5 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+
+; name servers - NS records
+ IN NS ns1.depeuter.dev.
+; IN NS ns2.depeuter.dev.
+
+ns1.depeuter.dev. IN A 192.168.0.91
+;ns1.depeuter.dev. IN A 192.158.0.X
+
+hugo.depeuter.dev. IN A 192.168.0.11
diff --git a/modules/apps/bind9/default.nix b/modules/apps/bind9/default.nix
new file mode 100644
index 0000000..a2346c1
--- /dev/null
+++ b/modules/apps/bind9/default.nix
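Review bot: Because named.conf.local in this commit makes the server primary for the whole of `depeuter.dev`, clients that resolve through it will get NXDOMAIN for every name under that domain not listed in this zone file, which matters if the domain also has public records (not visible in this patch). Delegating an internal subzone instead would avoid shadowing the public zone. The records also hand out RFC 1918 addresses, so who may query the zone should be decided together with the `allow-query` setting in named.conf.options. The commented-out `192.158.0.X` looks like a typo for `192.168`, and a date-based serial such as `2025052601` (constructed example) makes a forgotten bump easier to spot than `5`.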
@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+
+let
+ cfg = config.homelab.apps.bind9;
+in {
+ options.homelab.apps.bind9.enable = lib.mkEnableOption "ISC BIND 9 (Docker)";
+
+ config = lib.mkIf cfg.enable {
+ homelab.virtualisation.containers.enable = true;
+
+ environment.etc = {
+ "bind/named.conf" = {
+ source = ./named.conf;
+ mode = "0555";
+ };
+ "bind/named.conf.options" = {
+ source = ./named.conf.options;
+ mode = "0555";
+ };
+ "bind/named.conf.local" = {
+ source = ./named.conf.local;
+ mode = "0555";
+ };
+ "bind/zones/db.depeuter.dev" = {
+ source = ./db.depeuter.dev;
+ mode = "0555";
+ };
+ };
+
+ virtualisation.oci-containers.containers.bind9 = {
+ hostname = "bind9";
+ #image = "internetsystemsconsortium/bind9:9.20"; # Current stable
+ image = "ubuntu/bind9"; # Current stable
+ autoStart = true;
+ ports = [
+ "53:53/udp"
+ "53:53/tcp"
+ "953:953/tcp"
+ ];
+ extraOptions = [
+ ];
+ environment = {
+ };
+ volumes = [
+ "/etc/bind:/etc/bind" # For configuration, your `named.conf` lives here
+ "bind9-cache:/var/cache/bind"
+ #"...:/var/lib/bind" # Secondary zones
+ "bind9-logs:/var/log" # Logfiles
+ ];
+ labels = {
+ };
+ };
+ };
+}
diff --git a/modules/apps/bind9/named.conf b/modules/apps/bind9/named.conf
new file mode 100644
index 0000000..d301bd7
--- /dev/null
+++ b/modules/apps/bind9/named.conf
@@ -0,0 +1,2 @@
+include "/etc/bind/named.conf.options";
+include "/etc/bind/named.conf.local";
diff --git a/modules/apps/bind9/named.conf.local b/modules/apps/bind9/named.conf.local
new file mode 100644
index 0000000..442eca9
--- /dev/null
+++ b/modules/apps/bind9/named.conf.local
@@ -0,0 +1,4 @@
+zone "depeuter.dev" {
+ type primary;
+ file "/etc/bind/zones/db.depeuter.dev";
+};
diff --git a/modules/apps/bind9/named.conf.options b/modules/apps/bind9/named.conf.options
new file mode 100644
index 0000000..b05f4bf
--- /dev/null
+++ b/modules/apps/bind9/named.conf.options
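Review bot: `"953:953/tcp"` in `ports` publishes BIND's rndc control port on every host interface, although none of the named.conf files added in this commit defines a `controls` block that would need it. Drop the mapping, or bind it to loopback with `"127.0.0.1:953:953/tcp"` if rndc from the host is wanted. `image = "ubuntu/bind9"; # Current stable` carries no tag, so each pull follows the registry's default tag, and the trailing comment looks copied from the commented-out ISC line above it; pin a release, e.g. `image = "ubuntu/bind9:<TAG>";` (placeholder). The four `environment.etc` entries are plain configuration text, so `mode = "0444"` fits better than `"0555"`, and `"/etc/bind:/etc/bind:ro"` would stop the container from rewriting them, assuming the image does not need to write there.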
@@ -0,0 +1,35 @@
+http local {
+ endpoints { "/dns-query"; };
+};
+
+acl bogusnets {
+};
+
+acl trusted {
+ 192.168.0.0/16;
+};
+
+options {
+ directory "/var/cache/bind";
+
+ version "not currently available";
+
+ listen-on { any; };
+ listen-on-v6 { any; };
+ listen-on tls ephemeral { any; };
+ listen-on-v6 tls ephemeral { any; };
+ listen-on tls ephemeral http local { any; };
+ listen-on-v6 tls ephemeral http local { any; };
+
+ recursion yes;
+ forwarders {
+ 9.9.9.9;
+ 149.112.112.112;
+ };
+ forward only;
+
+ allow-query { any; };
+ allow-recursion { any; };
+ allow-transfer { none; };
+ blackhole { bogusnets; };
+};
diff --git a/modules/apps/default.nix b/modules/apps/default.nix
index 2d487e8..81c6a06 100644
--- a/modules/apps/default.nix
+++ b/modules/apps/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
 ./arr
+ ./bind9
 ./calibre
 ./changedetection
 ./freshrss
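Review bot: `allow-recursion { any; };` combined with `allow-query { any; };` and `listen-on { any; };` makes this a recursive resolver for every client that can reach the published port 53, while the `trusted` ACL defined above is never referenced. Restrict recursion and cache access to that ACL: `allow-recursion { trusted; };` plus `allow-query-cache { trusted; };`, and consider `allow-query { trusted; };` as well since the zone only holds internal addresses. `acl bogusnets { };` is empty, so `blackhole { bogusnets; };` currently filters nothing. The `tls ephemeral` and `http local` listeners have no matching port mappings in the container definition added by this commit, so they look unreachable from outside the container as written.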