trust-dns: more idiomatic way to define SOA records

hosts/servo/services/trust-dns.nix

@@ -11,22 +11,23 @@
   ];
 
   sane.services.trust-dns.zones."uninsane.org".TTL = 900;
-  sane.services.trust-dns.zones."uninsane.org".SOA = ''
-    ; SOA record structure: <https://en.wikipedia.org/wiki/SOA_record#Structure>
-    ; SOA MNAME RNAME (... rest)
-    ; MNAME = Master name server for this zone. this is where update requests should be sent.
-    ; RNAME = admin contact (encoded email address)
-    ; Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
-    ; Refresh = how frequently secondary NS should query master
-    ; Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
-    ; Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
-    @   IN          SOA     ns1.uninsane.org. admin-dns.uninsane.org. (
+
+  # SOA record structure: <https://en.wikipedia.org/wiki/SOA_record#Structure>
+  # SOA MNAME RNAME (... rest)
+  # MNAME = Master name server for this zone. this is where update requests should be sent.
+  # RNAME = admin contact (encoded email address)
+  # Serial = YYYYMMDDNN, where N is incremented every time this file changes, to trigger secondary NS to re-fetch it.
+  # Refresh = how frequently secondary NS should query master
+  # Retry = how long secondary NS should wait until re-querying master after a failure (must be < Refresh)
+  # Expire = how long secondary NS should continue to reply to queries after master fails (> Refresh + Retry)
+  sane.services.trust-dns.zones."uninsane.org".inet.SOA."@" = [''
+    ns1.uninsane.org. admin-dns.uninsane.org. (
                                     2022121601 ; Serial
                                     4h         ; Refresh
                                     30m        ; Retry
                                     7d         ; Expire
                                     5m)        ; Negative response TTL
-  '';
+  ''];
 
   sane.services.trust-dns.zones."uninsane.org".extraConfig = ''
     rev             TXT     "2022121601"

modules/services/trust-dns.nix

@@ -4,7 +4,22 @@ with lib;
 let
   cfg = config.sane.services.trust-dns;
   toml = pkgs.formats.toml { };
-  configFile =  toml.generate "trust-dns.toml" {
+  fmtRecord = proto: rrtype: name: value: "${name}\t${proto}\t${rrtype}\t${value}";
+  fmtRecordList = proto: rrtype: name: values: concatStringsSep
+    "\n"
+    (map (fmtRecord proto rrtype name) values)
+  ;
+  fmtRecordAttrs = proto: rrtype: rrAttrs:
+    concatStringsSep
+      "\n"
+      (
+        attrValues (
+          mapAttrs
+            (name: fmtRecordList proto rrtype name)
+            rrAttrs
+        )
+      );
+  configFile = toml.generate "trust-dns.toml" {
     listen_addrs_ipv4 = cfg.listenAddrsIPv4;
     zones = attrValues (
       mapAttrs (zone: zcfg: {
@@ -12,7 +27,7 @@ let
         zone_type = "Primary";
         file = pkgs.writeText "${zone}.zone" (''
           $TTL ${toString zcfg.TTL}
-          ${zcfg.SOA}
+          ${fmtRecordAttrs "IN" "SOA" zcfg.inet.SOA}
         '' + zcfg.extraConfig);
       }) cfg.zones
     );
@@ -39,15 +54,17 @@ in
               default = 3600;
               description = "default TTL";
             };
-            SOA = mkOption {
-              type = types.str;
-              description = "Start of Authority record";
-            };
             extraConfig = mkOption {
               type = types.lines;
               default = "";
               description = "extra lines to append to the zone file";
             };
+            inet = {
+              SOA = mkOption {
+                type = types.attrsOf (types.listOf types.str);
+                description = "Start of Authority record";
+              };
+            };
           };
         });
         default = {};