hosts/plover/services/dns-server: fix server settings and its zone files

configs/nixos/plover/modules/services/dns-server/default.nix

@@ -8,20 +8,21 @@ let
   cfg = hostCfg.services.dns-server;
 
   inherit (config.networking) domain fqdn;
+  inherit (config.state.network.interfaces) wan lan;
 
   zonesDir = "/etc/bind/zones";
   getZoneFile = domain: "${zonesDir}/${domain}.zone";
 
   zonefile = pkgs.substituteAll {
     src = ./zones/${domain}.zone;
-    ploverWANIPv4 = config.state.network.ipv4;
-    ploverWANIPv6 = config.state.network.ipv6;
+    ploverWANIPv4 = wan.ipv4;
+    ploverWANIPv6 = wan.ipv6;
   };
 
   fqdnZone = pkgs.substituteAll {
     src = ./zones/${fqdn}.zone;
-    ploverWANIPv4 = config.state.network.ipv4;
-    ploverWANIPv6 = config.state.network.ipv6;
+    ploverLANIPv4 = wan.ipv4;
+    ploverLANIPv6 = wan.ipv6;
   };
 
   dnsSubdomain = "ns1.${domain}";
@@ -66,18 +67,16 @@ in
 
         listenOn = [
           "127.0.0.1"
-          config.state.network.ipv4
+          wan.ipv4
+          lan.ipv4
         ];
 
         listenOnIpv6 = [
           "::1"
-          config.state.network.ipv6
+          wan.ipv6
+          lan.ipv6
         ];
 
-        extraConfig = ''
-          include "${config.state.paths.dataDir}/dns/*-dnskeys.conf";
-        '';
-
         # Welp, since the template is pretty limited, we'll have to go with our
         # own. This is partially based from the NixOS Bind module except without
         # the template for filling in zones since we use views.
@@ -187,10 +186,10 @@ in
           in
           lib.mkAfter ''
             # Install the domain zone.
-            [ -f ${lib.escapeShellArg domainZone'} ] && install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
+            [ -f ${lib.escapeShellArg domainZone'} ] || install -Dm0600 ${zonefile} ${lib.escapeShellArg domainZone'}
 
             # Install the internal DNS zones.
-            [ -f ${lib.escapeShellArg fqdnZone'} ] && install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
+            [ -f ${lib.escapeShellArg fqdnZone'} ] || install -Dm0600 '${fqdnZone}' ${lib.escapeShellArg fqdnZone'}
           '';
 
         serviceConfig = {

configs/nixos/plover/modules/services/dns-server/zones/foodogsquared.one.zone

@@ -18,18 +18,13 @@ $ORIGIN foodogsquared.one.
 ; https://mxroutedocs.com/
 @	IN	MX	10 heracles.mxrouting.net.
 	IN	MX	20 heracles-relay.mxrouting.net.
-	IN	TXT	"v=spf1 include:mxlogin.com -all"
+	IN	TXT	v=spf1 include:mxlogin.com -all
 
 ; Protect the validity of my emails sent by me!!!!
-x._domainkey	3600	IN	TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB"
+x._domainkey	3600	IN	TXT	v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlrgdsO4jLncMoGAowlE14oB9R2ESxNLRBtkzc24LOPJ1CwEIE+5AHZd+ZRMwiD7fdXcyCH7/E1BRXWT+TtLnKnBgf5I0z6EbPqiPPb6nmpDWrbZzA2mdKetAKz0kFJC8oYK7lQF7Bdh57y/HWksoH6yjl1E88m8tEQ/thlyABGjqzV+txgmc1BryFu23KasqI2c4We/KgvsoSSAaUHkjpAMCuJck/P0G9mJWyTHrnZN2gCotyenLBZew0BIbiA2XYp6dQW4sU+MawfZ0E1KA0lem0SRYCB+sGD248uj4xVo9sIiCVyO9EQXy/YCZTeuTQHf1+QeFzI82vIrlv63QIDAQAB
 
 ; Protect my domain email from spoofing.
-_dmarc	400	IN	TXT	"v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one"
-
-
-
-; Keybase verification key.
-@	3600	IN	TXT	#keybaseVerificationKey#
+_dmarc	400	IN	TXT	v=DMARC1;p=none;rua=mailto:postmaster@foodogsquared.one;ruf=mailto:admin@foodogsquared.one
 
 ; This will make PGP clients find my public key for the email.
 _hkps._tcp	IN	SRV	1 1 443 pgp.mailbox.org.