nixos/estuary: Add PowerDNS recursor Netdata monitoring

2022-06-12 19:37:52 +01:00
parent e0f9d50713
commit e846c4404e
6 changed files with 59 additions and 22 deletions
--- a/nixos/boxes/colony/vms/estuary/dns.nix
+++ b/nixos/boxes/colony/vms/estuary/dns.nix
@@ -19,22 +19,36 @@ in
          owner = "pdns";
          group = "pdns";
        };
-        "netdata-powerdns.conf" = {
+        "colony-netdata-powerdns.conf" = {
          owner = "netdata";
          group = "netdata";
        };
+
+        "colony-pdns-recursor.conf" = {
+          owner = "pdns-recursor";
+          group = "pdns-recursor";
+        };
+        "colony-netdata-powerdns_recursor.conf" = {
+          owner = "netdata";
+          group = "netdata";
+        };
+      };
+
+      pdns.recursor = {
+        enable = true;
+        extraSettingsFile = config.age.secrets."colony-pdns-recursor.conf".path;
      };
    };

    services = {
      netdata = {
        configDir = {
-          "go.d/powerdns.conf" = config.age.secrets."netdata-powerdns.conf".path;
+          "go.d/powerdns.conf" = config.age.secrets."colony-netdata-powerdns.conf".path;
+          "go.d/powerdns_recursor.conf" = config.age.secrets."colony-netdata-powerdns_recursor.conf".path;
        };
      };

      pdns-recursor = {
-        enable = true;
        dns = {
          address = [
            "127.0.0.1" "::1"
@@ -53,6 +67,10 @@ in
          # DNS NOTIFY messages override TTL
          allow-notify-for = authZones;
          allow-notify-from = [ "127.0.0.0/8" "::1/128" ];
+
+          webserver = true;
+          webserver-address = "::";
+          webserver-allow-from = [ "127.0.0.1" "::1" ];
        };
      };
    };