nixos-infra-framework/modules/services/dns/options.nix

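# Option declarations for the Technitium DNS Server module.
#
# This file only declares options; how each value is applied to the running
# service is decided by the implementation module, which is not shown here.
{ config, lib, ... }:
let
  inherit (lib) types mkOption;
in
{
  options.services.dns = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable the Technitium DNS Server";
    };

    package = mkOption {
      # `null` is not a valid value for `types.package`, so the previous
      # `types.package` + `default = null` combination failed type checking as
      # soon as the option was read without an explicit definition. `nullOr`
      # keeps null as the "use pkgs.technitium-dns-server" sentinel.
      type = types.nullOr types.package;
      default = null;
      description = "Technitium DNS Server package to use. Defaults to pkgs.technitium-dns-server.";
    };

    webPort = mkOption {
      type = types.port;
      default = 5380;
      # This is a plain-HTTP admin port: credentials and session tokens cross
      # the network unencrypted unless a TLS-terminating proxy or a restricted
      # listen address sits in front of it.
      description = "HTTP port for the Technitium web administration interface";
    };

    dnsPort = mkOption {
      type = types.port;
      default = 53;
      description = "DNS server port (both TCP and UDP)";
    };

    recursion = mkOption {
      type = types.enum [ "AllowOnlyForPrivateNetworks" "AllowAll" "DenyAll" ];
      # "AllowAll" on an internet-reachable address makes the host an open
      # resolver, which is commonly abused for reflection/amplification
      # traffic. The private-networks default is the safer choice.
      default = "AllowOnlyForPrivateNetworks";
      description = "Recursion policy for DNS queries";
    };

    forwarders = mkOption {
      type = types.listOf types.str;
      default = [ ];
      # Entries are free-form strings; nothing here validates that they are
      # IP addresses.
      description = "Upstream DNS forwarders (e.g. [ \"1.1.1.1\" \"8.8.8.8\" ]). Empty means use root hints";
    };

    configDir = mkOption {
      type = types.str;
      default = "/etc/dns";
      # NOTE(review): zone data and server settings live here; ownership and
      # mode are presumably set by the implementation module - confirm the
      # directory is not world-readable.
      description = "Directory for persistent Technitium DNS configuration and zone data";
    };

    adminPasswordFile = mkOption {
      # Deliberately a string rather than `types.path`: a Nix path literal
      # would be copied into the world-readable /nix/store, exposing the
      # secret. A string is passed through as a runtime path.
      type = types.nullOr types.str;
      # With the null default the web interface keeps the vendor default
      # credentials (admin/admin). Combined with the default of listening on
      # all interfaces, any deployment that leaves this unset exposes an admin
      # login with a publicly known password.
      # NOTE(review): consider an assertion or warning in the implementation
      # module when `enable` is true and this is null.
      default = null;
      description = ''
        Path to a file containing the admin password for the web interface.
        If not set, the default credentials (admin/admin) are used.
        Use agenix or sops-nix to provide this file securely.
      '';
    };

    listenAddresses = mkOption {
      type = types.listOf types.str;
      # The empty default binds every interface, per the description below.
      # NOTE(review): the description does not say whether this also governs
      # the web administration port - confirm in the implementation module.
      default = [ ];
      description = "IP addresses to listen on. Empty means listen on all interfaces";
    };

    allowZoneTransfer = mkOption {
      type = types.listOf types.str;
      # A zone transfer hands the requester the full contents of a zone, so
      # this list should name only secondary servers.
      # NOTE(review): the description does not state what the empty default
      # means (presumably "deny all") - confirm in the implementation module.
      default = [ ];
      description = "IP addresses or subnets allowed to request zone transfers (AXFR/IXFR)";
    };

    extraConfig = mkOption {
      # `types.anything` performs no validation, so values set here can
      # override the hardened defaults above without any type or policy check.
      # NOTE(review): if this attribute set is rendered into a store path,
      # secrets placed in it become world-readable - confirm how it is consumed.
      type = types.attrsOf types.anything;
      default = { };
      description = "Additional Technitium DNS configuration options as an attribute set";
    };
  };
}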