{ config, pkgs, ... }:
let
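  # Address records for the two hosts. Each snippet is spliced in directly
  # after an owner name in the zone data (e.g. `mail ${mastus}`), so the first
  # line completes that record. The AAAA line keeps its extra leading
  # whitespace on purpose: in zone-file syntax a line that starts with
  # whitespace inherits the owner name of the previous record.
  mastus = ''
    IN A 37.252.120.145
      IN AAAA 2a02:2770:5:0:21a:4aff:fe99:a937
  '';
  misuji = ''
    IN A 91.213.195.194
      IN AAAA 2a02:2770:3:0:21a:4aff:feac:bc0e
  '';

  # Used as the SOA serial of every zone (see commonStuff). Secondaries only
  # fetch a zone again when the serial increases, so raise this value with
  # every change to the zone data; that includes the quoting fix to the SPF
  # record in mailSetup below.
  timestamp = "1497294847";

  # Delegation set: only the he.net servers are listed as NS for the zones.
  heNsServers = ''
    @ IN NS ns1.he.net.
    @ IN NS ns2.he.net.
    @ IN NS ns3.he.net.
    @ IN NS ns4.he.net.
    @ IN NS ns5.he.net.
  '';

  # Mail routing and sender policy shared by all zones.
  # The SPF policy is quoted so it is published as ONE character-string.
  # Unquoted, the zone parser reads `v=spf1`, `mx` and `-all` as three
  # separate strings; SPF evaluators join a record's strings without adding
  # spaces, which yields "v=spf1mx-all" and leaves the domain with no usable
  # SPF policy against forged senders.
  mailSetup = ''
    @ IN MX 10 mail.gebner.org.
    @ IN TXT "v=spf1 mx -all"
  '';

  # Zone preamble for `domain` (given without the trailing dot): $ORIGIN, the
  # SOA record, the NS set and the mail records.
  # SOA numbers after the serial: refresh 10800, retry 3600, expire 604800,
  # minimum/negative-caching TTL 10800 (seconds).
  commonStuff = domain: ''
    $ORIGIN ${domain}.
    @ 10800 IN SOA mastus.gebner.org. gebner.gebner.org. ${timestamp} 10800 3600 604800 10800
    ${heNsServers}
    ${mailSetup}
  '';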
in
{
  # Authoritative NSD instance serving three zones. The zones' NS records list
  # only the he.net servers (see heNsServers), while this host is named as the
  # SOA primary.
  services.nsd =
    let
      # Transfer and notify policy, identical for every zone.
      #
      # NOTE(review): provideXFR admits 0.0.0.0/0 and ::0/0 with NOKEY, so any
      # address can pull a full zone transfer without TSIG authentication.
      # That exposes every name in the zone in one request, including the
      # *-gw records for the home gateways. If only the secondaries need
      # AXFR, limit these entries to their transfer source addresses (taken
      # from the provider's documentation) and consider a TSIG key instead of
      # NOKEY.
      #
      # NOTE(review): the notify target is presumably the he.net notify
      # receiver; NOTIFY is likewise sent unauthenticated (NOKEY). Confirm.
      secondaryAccess = {
        provideXFR = [ "0.0.0.0/0 NOKEY" "::0/0 NOKEY" ];
        notify = [ "216.218.130.2 NOKEY" ];
      };
    in
    {
      enable = true;

      # Listen on every IPv4 and IPv6 address of the host.
      interfaces = [ "0.0.0.0" "::" ];

      zones = {
        # Main zone: host records plus service aliases onto the two hosts.
        "gebner.org." = secondaryAccess // {
          data = ''
            ${commonStuff "gebner.org"}

            @ IN TXT google-site-verification=Wk9aC8gfd5dH-4VA5rsgFSiKJtgkGJzYirds4oZFgSo

            misuji ${misuji}
            mastus ${mastus}

            home-gw IN A 80.109.2.154
            htdf-gw IN A 80.109.2.154
            mtlaa-gw IN A 84.112.114.160

            @ ${mastus}
            www IN CNAME mastus

            reader IN CNAME mastus
            git IN CNAME mastus
            kochbuch IN CNAME misuji
            howfatami IN CNAME misuji
            mail ${mastus}
            imap ${mastus}
            xmpp ${misuji}
            cookbook in CNAME misuji
            radicale in CNAME mastus
          '';
        };

        # Secondary domains: the apex carries the mastus addresses and the
        # aliases point at mastus.gebner.org.
        "gabrielebner.at." = secondaryAccess // {
          data = ''
            ${commonStuff "gabrielebner.at"}

            @ ${mastus}
            www IN CNAME mastus.gebner.org.

            openid IN CNAME mastus.gebner.org.
          '';
        };

        "2b7e.org." = secondaryAccess // {
          data = ''
            ${commonStuff "2b7e.org"}

            @ ${mastus}
            www IN CNAME mastus.gebner.org.
          '';
        };
      };
    };

  # Put the nsd package in the system profile so its tools are on PATH.
  environment.systemPackages = [ pkgs.nsd ];

  # DNS is answered over both UDP and TCP (TCP carries zone transfers and
  # large responses), so port 53 is opened for both.
  # NOTE(review): these rules admit every source address. If this host is only
  # meant to feed the secondaries, the firewall could be narrowed to them;
  # confirm whether direct public queries are intended.
  networking.firewall.allowedUDPPorts = [ 53 ];
  networking.firewall.allowedTCPPorts = [ 53 ];
}