router: add authoritative dns server

This commit is contained in:
Jake Hillion 2024-12-18 10:36:06 +00:00
parent c14154487f
commit 54ca7830ac
2 changed files with 17 additions and 8 deletions


@ -19,13 +19,14 @@
}; };
custom.defaults = true; custom.defaults = true;
custom.impermanence.enable = true;
custom.locations.autoServe = true;
services.nsd.interfaces = [ "eth0" ];
## Interactive password ## Interactive password
custom.users.jake.password = true; custom.users.jake.password = true;
## Impermanence
custom.impermanence.enable = true;
## Networking ## Networking
networking = { networking = {
firewall.enable = lib.mkForce false; firewall.enable = lib.mkForce false;
@ -99,8 +100,11 @@
ip protocol icmp counter accept comment "accept all ICMP types" ip protocol icmp counter accept comment "accept all ICMP types"
iifname "eth0" tcp dport 22 counter accept comment "SSH" iifname "eth0" tcp dport 22 counter accept comment "SSH"
iifname "eth0" udp dport 4242 counter accept comment "Nebula Lighthouse" iifname "eth0" tcp dport 53 counter accept comment "Public DNS"
iifname "eth0" udp dport 53 counter accept comment "Public DNS"
iifname "eth0" udp dport 4242 counter accept comment "Nebula Lighthouse"
iifname { "eth0", "cameras" } ct state { established, related } counter accept iifname { "eth0", "cameras" } ct state { established, related } counter accept
iifname { "eth0", "cameras" } drop iifname { "eth0", "cameras" } drop
@ -128,8 +132,8 @@
iifname "tailscale0" oifname { "eth1", "eth2" } counter accept comment "Allow LAN access from Tailscale" iifname "tailscale0" oifname { "eth1", "eth2" } counter accept comment "Allow LAN access from Tailscale"
iifname { "eth1", "eth2" } oifname "tailscale0" ct state { established,related } counter accept comment "Allow established back to Tailscale" iifname { "eth1", "eth2" } oifname "tailscale0" ct state { established,related } counter accept comment "Allow established back to Tailscale"
ip daddr 10.64.50.21 tcp dport 7654 counter accept comment "Tang"
ip daddr 10.64.50.27 tcp dport 32400 counter accept comment "Plex" ip daddr 10.64.50.27 tcp dport 32400 counter accept comment "Plex"
ip daddr 10.64.50.21 tcp dport 7654 counter accept comment "Tang"
} }
} }
@ -137,8 +141,8 @@
chain prerouting { chain prerouting {
type nat hook prerouting priority filter; policy accept; type nat hook prerouting priority filter; policy accept;
iifname eth0 tcp dport 7654 counter dnat to 10.64.50.21
iifname eth0 tcp dport 32400 counter dnat to 10.64.50.27 iifname eth0 tcp dport 32400 counter dnat to 10.64.50.27
iifname eth0 tcp dport 7654 counter dnat to 10.64.50.21
} }
chain postrouting { chain postrouting {
@ -321,6 +325,8 @@
unbound = { unbound = {
enable = true; enable = true;
resolveLocalQueries = false;
settings = { settings = {
server = { server = {
interface = [ interface = [
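Review bot: The two "Public DNS" accept rules in hunk @ -99 open TCP and UDP 53 on eth0 to any source with no rate limit, and nothing in the commit enables response rate limiting on nsd, so the new authoritative server can be turned into a reflection/amplification source. Next to `services.nsd.interfaces = [ "eth0" ];` in hunk @ -19 I would add `services.nsd.ratelimit.enable = true;` (nsd's RRL), or alternatively cap per-source query rate in nftables with `limit rate` on the UDP 53 rule. The last hunk (@ -321) sets `resolveLocalQueries = false` on unbound, but its `interface = [` list runs past the end of the hunk; it should be confirmed that unbound does not also bind eth0, since the same accept rules would then expose the recursive resolver as an open resolver. The attribute set containing hunk @ -19 starts and ends outside the hunk.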


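--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -19,7 +19,10 @@ in
 {
 custom.locations.locations = {
 services = {
-authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
+authoritative_dns = [
+"boron.cx.ts.hillion.co.uk"
+"router.home.ts.hillion.co.uk"
+];
 downloads = "phoenix.st.ts.hillion.co.uk";
 frigate = "phoenix.st.ts.hillion.co.uk";
 gitea = "boron.cx.ts.hillion.co.uk";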
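Review bot: The list now names two authoritative servers, but the commit configures no zone replication between them (no notify or transfer settings are visible in either file), so if this list is what produces the NS records the two hosts can give different answers until zone data is synchronised; that may be handled elsewhere and is worth confirming. A comment above the list would make the contract explicit, e.g. `# hosts listed here must serve identical zone data`, since the consumer of `authoritative_dns` is not shown in this diff. The enclosing `custom.locations.locations` set continues outside the hunk.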