diff --git a/hosts/router.home.ts.hillion.co.uk/default.nix b/hosts/router.home.ts.hillion.co.uk/default.nix
index c9a90a0..0829309 100644
--- a/hosts/router.home.ts.hillion.co.uk/default.nix
+++ b/hosts/router.home.ts.hillion.co.uk/default.nix
@@ -19,13 +19,14 @@
 };
 custom.defaults = true;
+ custom.impermanence.enable = true;
+ custom.locations.autoServe = true;
+
+ services.nsd.port = 8854;
 ## Interactive password
 custom.users.jake.password = true;
- ## Impermanence
- custom.impermanence.enable = true;
-
 ## Networking
 networking = {
 firewall.enable = lib.mkForce false;
@@ -99,6 +100,9 @@
 ip protocol icmp counter accept comment "accept all ICMP types"
+ iifname "lo" udp dport ${toString config.services.nsd.port} accept comment "Public DNS"
+ iifname "lo" tcp dport ${toString config.services.nsd.port} accept comment "Public DNS"
+
 iifname "eth0" tcp dport 22 counter accept comment "SSH"
 iifname "eth0" udp dport 4242 counter accept comment "Nebula Lighthouse"
@@ -137,6 +141,9 @@
 chain prerouting {
 type nat hook prerouting priority filter; policy accept;
+ iifname eth0 udp dport 53 counter redirect to ${toString config.services.nsd.port}
+ iifname eth0 tcp dport 53 counter redirect to ${toString config.services.nsd.port}
+
 iifname eth0 tcp dport 32400 counter dnat to 10.64.50.27
 iifname eth0 tcp dport 7654 counter dnat to 10.64.50.21
 }
diff --git a/modules/locations.nix b/modules/locations.nix
index 9ae8fa2..4d704e5 100644
--- a/modules/locations.nix
+++ b/modules/locations.nix
@@ -19,7 +19,10 @@ in {
 custom.locations.locations = {
 services = {
- authoritative_dns = [ "boron.cx.ts.hillion.co.uk" ];
+ authoritative_dns = [
+ "boron.cx.ts.hillion.co.uk"
+ "router.home.ts.hillion.co.uk"
+ ];
 downloads = "phoenix.st.ts.hillion.co.uk";
 frigate = "phoenix.st.ts.hillion.co.uk";
 gitea = "boron.cx.ts.hillion.co.uk";
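Review bot: `services.nsd.port = 8854;` in the first hunk of hosts/router.home.ts.hillion.co.uk/default.nix is set without a comment saying why NSD is moved off port 53, or that the nftables rules later in the same file depend on it. With the `## Impermanence` heading deleted, the new options also sit without a section label, unlike the `## Interactive password` and `## Networking` groups next to them. I would add a heading and one line such as `## DNS: NSD listens on a high port; the prerouting chain redirects eth0 port 53 to it`. Whether something else on the router already binds port 53 is not visible in this diff, so the comment should state the actual reason.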
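Review bot: The two new input rules in the second hunk of default.nix match `iifname "lo"`, but the queries they are labelled for arrive on eth0: `redirect` in the prerouting chain rewrites only the destination address and port, so at the input hook the packet still has eth0 as its input interface, now with the NSD port as dport. Unless another rule or the chain policy (both outside this hunk) accepts it, public DNS would be dropped; if it is accepted elsewhere, these rules only admit loopback traffic and the "Public DNS" comment is misleading. A rule such as `iifname "eth0" ct status dnat udp dport ${toString config.services.nsd.port} counter accept comment "Public DNS"`, with the same for tcp, admits only redirected traffic and keeps the high port itself closed from the WAN. NSD also has to listen on the eth0 address for the redirect to reach it, and the listen addresses are not set anywhere in this diff.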
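Review bot: The two `redirect` rules added to `chain prerouting` in the third hunk of default.nix expose the router's NSD on port 53 to any source on eth0, and nothing in this diff limits the query rate. An authoritative server reachable over UDP from the Internet is a common reflection target, so I would enable response rate limiting with this change, for example `services.nsd.ratelimit.enable = true;`, unless the `custom.locations.autoServe` module already sets it (not visible here). The new rules also carry no `comment`, unlike the input-chain rules in the same file; adding `comment "Public DNS"` to both would keep the ruleset listing readable.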