Add option

.gitignore

@@ -1,2 +1,3 @@
 norbert
 .idea
+result

flake.lock

@@ -0,0 +1,26 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1665087388,
+        "narHash": "sha256-FZFPuW9NWHJteATOf79rZfwfRn5fE0wi9kRzvGfDHPA=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "95fda953f6db2e9496d2682c4fc7b82f959878f7",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,96 @@
+{
+  description = "A DNS server for the ACME DNS-01 challenge written in dependency-free nim";
+
+  inputs.nixpkgs.url = github:NixOS/nixpkgs;
+
+  outputs = { self, nixpkgs }:
+     let
+       # System types to support.
+       supportedSystems = [ "x86_64-linux" "aarch64-darwin" ];
+
+       # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
+       forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+
+       # Nixpkgs instantiated for supported system types.
+       nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; });
+     in
+  {
+    packages = forAllSystems(system:
+      let
+        pkgs = nixpkgsFor.${system};
+      in
+      {
+        default = pkgs.nimPackages.buildNimPackage {
+          name = "norbert";
+          src = self;
+        };
+      }
+    );
+
+    nixosModules.default = { config, lib, pkgs, ... }:
+      with lib;
+      let cfg = config.mawalu.services.norbert;
+      in
+    {
+      options.mawalu.services.norbert = {
+        enable = mkEnableOption "Enable the norbert DNS server";
+
+        config = {
+          baseDomain = mkOption {
+            type = types.str;
+            description = "Base domain.";
+          };
+
+          dnsPort = mkOption {
+            type = types.port;
+            description = "DNS server port";
+            default = 15353;
+          };
+
+          apiPort = mkOption {
+            type = types.port;
+            description = "API port";
+            default = 18000;
+          };
+        };
+
+        users = mkOption {
+          default = {};
+          type = types.attrsOf (types.submodule {
+            options = {
+              password = mkOption {
+                type = types.str;
+                default = null;
+                description = "API password for the user";
+              };
+            };
+          });
+          example = literalExpression ''
+            {
+              "exampleuser" = {
+                password = "insecure";
+              };
+            }
+          '';
+        };
+      };
+
+      config = mkIf cfg.enable {
+        systemd.services.norbert = {
+          wantedBy = [ "multi-user.target" ];
+
+          serviceConfig = let pkg = self.packages.${pkgs.system}.default;
+          in {
+            Restart = "on-failure";
+            ExecStart = "${pkg}/bin/norbert ${pkgs.writeText "config" (generators.toINIWithGlobalSection {} {
+              globalSection = cfg.config;
+              sections = cfg.users;
+            })}";
+            DynamicUser = "yes";
+            AmbientCapabilities = ["CAP_NET_BIND_SERVICE"];
+          };
+        };
+      };
+    };
+  };
+}

norbert.nimble

@@ -0,0 +1,13 @@
+# Package
+
+version       = "1.0.0"
+author        = "mawalu"
+description   = "A DNS server for the ACME DNS-01 challenge"
+license       = "MIT"
+srcDir        = "."
+bin           = @["norbert"]
+
+
+# Dependencies
+
+requires "nim >= 1.6.0"