knot-resolver: treesitter highlighting

hosts/delta/knot-resolver.nix

@@ -39,38 +39,40 @@
       "159.69.4.2:443"
       "[2a01:4f8:1c0c:70d1::1]:443"
     ];
-    extraConfig = ''
+    extraConfig =
-      -- TLS certificate for DoT and DoH
+      # lua
-      -- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-net_tlssrv.html
+      ''
-      net.tls(
+        -- TLS certificate for DoT and DoH
-        "${config.security.acme.certs."caspervk.net".directory}/fullchain.pem",
+        -- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-net_tlssrv.html
-        "${config.security.acme.certs."caspervk.net".directory}/key.pem"
+        net.tls(
-      )
+          "${config.security.acme.certs."caspervk.net".directory}/fullchain.pem",
-      -- Cache is stored in /var/cache/knot-resolver, which is mounted as
+          "${config.security.acme.certs."caspervk.net".directory}/key.pem"
-      -- tmpfs. Allow using 75% of the partition for caching.
-      -- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html
-      cache.size = math.floor(cache.fssize() * 0.75)
-      -- The predict module helps to keep the cache hot by prefetching
-      -- records. Any time the resolver answers with records that are about to
-      -- expire, they get refreshed.
-      -- https://knot-resolver.readthedocs.io/en/stable/modules-predict.html
-      modules.load("predict")
-      -- Block spam and advertising domains
-      -- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#response-policy-zones
-      policy.add(
-        policy.rpz(
-          policy.ANSWER({ [kres.type.A] = {rdata=kres.str2ip("0.0.0.0"), ttl = 600} }),
-          "${pkgs.runCommand "stevenblack-blocklist-rpz" {} ''grep '^0\.0\.0\.0' ${pkgs.stevenblack-blocklist}/hosts | awk '{print $2 " 600 IN CNAME .\n*." $2 " 600 IN CNAME ."}' > $out''}"
         )
-      )
+        -- Cache is stored in /var/cache/knot-resolver, which is mounted as
-      -- Test domain to verify DNS server is being used
+        -- tmpfs. Allow using 75% of the partition for caching.
-      policy.add(
+        -- https://knot-resolver.readthedocs.io/en/stable/daemon-bindings-cache.html
-        policy.domains(
+        cache.size = math.floor(cache.fssize() * 0.75)
-          policy.ANSWER({ [kres.type.A] = {rdata = kres.str2ip("192.0.2.0"), ttl = 5} }),
+        -- The predict module helps to keep the cache hot by prefetching
-          policy.todnames({"test.dns.caspervk.net"})
+        -- records. Any time the resolver answers with records that are about to
+        -- expire, they get refreshed.
+        -- https://knot-resolver.readthedocs.io/en/stable/modules-predict.html
+        modules.load("predict")
+        -- Block spam and advertising domains
+        -- https://knot-resolver.readthedocs.io/en/stable/modules-policy.html#response-policy-zones
+        policy.add(
+          policy.rpz(
+            policy.ANSWER({ [kres.type.A] = {rdata=kres.str2ip("0.0.0.0"), ttl = 600} }),
+            "${pkgs.runCommand "stevenblack-blocklist-rpz" {} ''grep '^0\.0\.0\.0' ${pkgs.stevenblack-blocklist}/hosts | awk '{print $2 " 600 IN CNAME .\n*." $2 " 600 IN CNAME ."}' > $out''}"
+          )
         )
-      )
+        -- Test domain to verify DNS server is being used
-    '';
+        policy.add(
+          policy.domains(
+            policy.ANSWER({ [kres.type.A] = {rdata = kres.str2ip("192.0.2.0"), ttl = 5} }),
+            policy.todnames({"test.dns.caspervk.net"})
+          )
+        )
+      '';
   };
 
   networking.firewall = {