elseym/module.nix

## module.nix
{ config, pkgs, lib, unstable, ... }:

with lib;

let
  cfg = config.pflaumen.dns.server;
  fmt = pkgs.formats.knotConf {};

  overlay = _: flip recursiveUpdate { inherit formats; };
  formats.knotConf = {}: rec {
    sectionType = with types;
      attrsOf (oneOf ((p: p ++ [ (listOf (oneOf p)) ]) [ bool str int float ]))
      // { description = "knot.conf value"; };
    type = with types;
      oneOf [ (attrsOf (listOf sectionType)) sectionType ]
      // { description = "knot.conf"; };
    generateString = settings: let
      order = [ "domain" "id" "target" ];
      attrNamesOrdered = s: intersectLists (attrNames s) order ++ subtractLists order (attrNames s);
      mkSection = n: v:
        concatStringsSep (if isList v then "\n- " else "\n  ") ([ "${n}:" ] ++ (
          if isList v then if v == [] then [] else map mkPairs v
          else if isAttrs v then if v == {} then [] else singleton (mkPairs v)
          else abort "unsupported section type ${n}=" + (generators.toPretty {} v)
        ));
      mkPairs = v: concatStringsSep "\n  " (flatten (map (e: mkPair e v.${e}) (attrNamesOrdered v)));
      mkPair = n: v:
        if isList v then map (mkPair n) v
        else singleton ("${n}: " + (
          if isBool v then if true == v then "true" else "false"
          else if strings.isCoercibleToString v then toString v
          else abort "unsupported value type ${n}=" + (generators.toPretty {} v)
        ));
      in concatStringsSep "\n" (mapAttrsToList mkSection settings);
    generate = name: value: pkgs.runCommandNoCC name {
      nativeBuildInputs = [ config.services.knot.package ];
      value = generateString value;
      passAsFile = [ "value" ];
    } ''
      knotc --config "$valuePath" conf-export >$out
    '';
  };

in {
  options.pflaumen.dns.server = {
    enable = mkEnableOption "knot as authoritative dns server";

    settings = mkOption { type = types.submodule {
      freeformType = fmt.type;
      options.server = mkOption { type = types.submodule {
        freeformType = fmt.sectionType;
        options.listen = mkOption { type = with types; listOf str; apply = map (l: if hasInfix "@" l then l else "${l}@53"); };
      }; default.listen = [ "0.0.0.0@53" "::@53" ]; };
      options.log = mkOption { type = types.listOf (types.submodule {
        freeformType = fmt.sectionType;
        options.target = mkOption { type = with types; either str (enum [ "stdout" "stderr" "syslog" ]); };
        options.any = mkOption { type = types.enum [ "critical" "error" "warning" "notice" "info" "debug" ]; };
      }); default = []; };
      options.remote = mkOption { type = types.listOf (types.submodule {
        freeformType = fmt.sectionType;
        options.id = mkOption { type = types.str; };
        options.address = mkOption { type = with types; listOf str; };
      }); default = []; };
      options.acl = mkOption { type = types.listOf (types.submodule {
        freeformType = fmt.sectionType;
        options.id = mkOption { type = types.str; };
        options.address = mkOption { type = with types; listOf str; };
        options.action = mkOption { type = with types; listOf (enum [ "notify" "transfer" "update" ]); };
      }); default = []; };
      options.zone = mkOption { type = types.listOf (types.submodule {
        freeformType = fmt.sectionType;
        options.domain = mkOption { type = types.str; };
        options.file = mkOption { type = with types; either str path; };
        options.notify = mkOption { type = with types; listOf str; default = []; };
        options.acl = mkOption { type = with types; listOf str; default = []; };
      }); default = []; };
    }; };
  };

  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];
    nixpkgs.overlays = [ overlay ];

    services.knot.enable = true;
    services.knot.package = unstable.knot-dns;
    services.knot.extraConfig = fmt.generateString cfg.settings;
  };
}
	{ config, pkgs, lib, unstable, ... }:

	with lib;

	let
	cfg = config.pflaumen.dns.server;
	fmt = pkgs.formats.knotConf {};

	overlay = _: flip recursiveUpdate { inherit formats; };
	formats.knotConf = {}: rec {
	sectionType = with types;
	attrsOf (oneOf ((p: p ++ [ (listOf (oneOf p)) ]) [ bool str int float ]))
	// { description = "knot.conf value"; };
	type = with types;
	oneOf [ (attrsOf (listOf sectionType)) sectionType ]
	// { description = "knot.conf"; };
	generateString = settings: let
	order = [ "domain" "id" "target" ];
	attrNamesOrdered = s: intersectLists (attrNames s) order ++ subtractLists order (attrNames s);
	mkSection = n: v:
	concatStringsSep (if isList v then "\n- " else "\n ") ([ "${n}:" ] ++ (
	if isList v then if v == [] then [] else map mkPairs v
	else if isAttrs v then if v == {} then [] else singleton (mkPairs v)
	else abort "unsupported section type ${n}=" + (generators.toPretty {} v)
	));
	mkPairs = v: concatStringsSep "\n " (flatten (map (e: mkPair e v.${e}) (attrNamesOrdered v)));
	mkPair = n: v:
	if isList v then map (mkPair n) v
	else singleton ("${n}: " + (
	if isBool v then if true == v then "true" else "false"
	else if strings.isCoercibleToString v then toString v
	else abort "unsupported value type ${n}=" + (generators.toPretty {} v)
	));
	in concatStringsSep "\n" (mapAttrsToList mkSection settings);
	generate = name: value: pkgs.runCommandNoCC name {
	nativeBuildInputs = [ config.services.knot.package ];
	value = generateString value;
	passAsFile = [ "value" ];
	} ''
	knotc --config "$valuePath" conf-export >$out
	'';
	};

	in {
	options.pflaumen.dns.server = {
	enable = mkEnableOption "knot as authoritative dns server";

	settings = mkOption { type = types.submodule {
	freeformType = fmt.type;
	options.server = mkOption { type = types.submodule {
	freeformType = fmt.sectionType;
	options.listen = mkOption { type = with types; listOf str; apply = map (l: if hasInfix "@" l then l else "${l}@53"); };
	}; default.listen = [ "0.0.0.0@53" "::@53" ]; };
	options.log = mkOption { type = types.listOf (types.submodule {
	freeformType = fmt.sectionType;
	options.target = mkOption { type = with types; either str (enum [ "stdout" "stderr" "syslog" ]); };
	options.any = mkOption { type = types.enum [ "critical" "error" "warning" "notice" "info" "debug" ]; };
	}); default = []; };
	options.remote = mkOption { type = types.listOf (types.submodule {
	freeformType = fmt.sectionType;
	options.id = mkOption { type = types.str; };
	options.address = mkOption { type = with types; listOf str; };
	}); default = []; };
	options.acl = mkOption { type = types.listOf (types.submodule {
	freeformType = fmt.sectionType;
	options.id = mkOption { type = types.str; };
	options.address = mkOption { type = with types; listOf str; };
	options.action = mkOption { type = with types; listOf (enum [ "notify" "transfer" "update" ]); };
	}); default = []; };
	options.zone = mkOption { type = types.listOf (types.submodule {
	freeformType = fmt.sectionType;
	options.domain = mkOption { type = types.str; };
	options.file = mkOption { type = with types; either str path; };
	options.notify = mkOption { type = with types; listOf str; default = []; };
	options.acl = mkOption { type = with types; listOf str; default = []; };
	}); default = []; };
	}; };
	};

	config = mkIf cfg.enable {
	networking.firewall.allowedTCPPorts = [ 53 ];
	networking.firewall.allowedUDPPorts = [ 53 ];
	nixpkgs.overlays = [ overlay ];

	services.knot.enable = true;
	services.knot.package = unstable.knot-dns;
	services.knot.extraConfig = fmt.generateString cfg.settings;
	};
	}