Diffstat (limited to 'Biz')
-rw-r--r--Biz/Cloud/Ports.nix1
-rw-r--r--Biz/Dev.nix1
-rw-r--r--Biz/Dev/Configuration.nix14
-rw-r--r--Biz/Dev/Dns.nix36
-rw-r--r--Biz/Dev/Home.zone23
-rw-r--r--Biz/Dev/Networking.nix12
6 files changed, 72 insertions, 15 deletions
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix
index 049ca13..18c5f3a 100644
--- a/Biz/Cloud/Ports.nix
+++ b/Biz/Cloud/Ports.nix
@@ -3,6 +3,7 @@
bitcoind = 8333;
dandel-rovbur = 8080;
delugeWeb = 8112;
+ dns = 53;
dragons = 8095;
et = 2022;
gemini = 1965;
diff --git a/Biz/Dev.nix b/Biz/Dev.nix
index c31b004..6be4856 100644
--- a/Biz/Dev.nix
+++ b/Biz/Dev.nix
@@ -11,6 +11,7 @@ bild.os {
./Dev/Hardware.nix
./Dev/Hoogle.nix
./Dev/Networking.nix
+ ./Dev/Dns.nix
#./Dev/Wireguard.nix # this changed in the upgrade and I can't find docs
./Dragons.nix
# ./Dev/Guix.nix # I need to package a bunch of guile libs first
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index 3560952..4e0a5f8 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -50,7 +50,7 @@ in {
virtualisation.docker.enable = true;
virtualisation.docker.liveRestore = false;
- virtualisation.libvirtd.enable = true;
+ virtualisation.libvirtd.enable = false;
virtualisation.virtualbox.host.enable = false;
virtualisation.virtualbox.host.headless = false;
virtualisation.virtualbox.host.addNetworkInterface = false;
@@ -96,18 +96,6 @@ in {
services.deluge.openFilesLimit = 10240;
services.deluge.web.enable = true;
- services.dnsmasq.enable = true;
- services.dnsmasq.servers = [ "8.8.8.8" ];
- services.dnsmasq.resolveLocalQueries = true;
- services.dnsmasq.extraConfig = ''
- local=/home/
- cache-size=5000
- '';
- networking.extraHosts = ''
- 192.168.0.1 router.home
- 192.168.0.196 lithium.home
- '';
-
services.printing.enable = true;
services.murmur.enable = true;
diff --git a/Biz/Dev/Dns.nix b/Biz/Dev/Dns.nix
new file mode 100644
index 0000000..e64e114
--- /dev/null
+++ b/Biz/Dev/Dns.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+
+
+{
+ services.bind = {
+ enable = true;
+ forwarders = [
+ "8.8.8.8"
+ "1.1.1.1"
+ ];
+ cacheNetworks = [
+ "127.0.0.0/8"
+ "192.168.0.0/24"
+ ];
+ extraConfig = ''
+ '';
+ extraOptions = ''
+ dnssec-validation auto;
+ '';
+ zones = [
+ {
+ master = true;
+ name = "home";
+ slaves = [];
+ file = ./Home.zone;
+ }
+ ];
+ };
+
+ #networking.extraHosts = ''
+ # 192.168.0.1 router.home
+ # 192.168.0.196 lithium.home
+ #'';
+
+}
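Review bot: `services.bind` is enabled here without `listenOn`, so named is left on the module default, which as far as I know is every address on the host. `cacheNetworks` limits recursion to loopback and `192.168.0.0/24`, but the authoritative `home` zone would still be answered to any client that can reach port 53. I would pin the listener to the addresses that should serve DNS, for example `listenOn = [ "127.0.0.1" "192.168.0.196" ];`, and set `listenOnIpv6` to match if IPv6 is in use. The empty `extraConfig` and the commented-out `networking.extraHosts` block add nothing and can be dropped. A short comment above `forwarders` should say that upstream queries go to public resolvers unencrypted.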
diff --git a/Biz/Dev/Home.zone b/Biz/Dev/Home.zone
new file mode 100644
index 0000000..86d4919
--- /dev/null
+++ b/Biz/Dev/Home.zone
@@ -0,0 +1,23 @@
+;$TTL 3D
+;@ IN SOA home. hostmaster (
+; 1 ; serial
+; 8H ; refresh
+; 2H ; retry
+; 4W ; expire
+; 1D) ; min ttl
+; IN NS ns.home.
+;home. IN A 192.168.0.196
+;router IN A 192.168.0.196
+;
+$TTL 1D
+@ IN SOA ns.home. hostmaster (
+ 3 ; Serial
+ 604800 ; Refresh
+ 86400 ; Retry
+ 2419200 ; Expire
+ 604800 ) ; Minimum
+@ IN NS ns. ; Name Server for the domain
+@ IN A 192.168.0.196 ;
+example.com. IN A 192.168.0.1 ; test
+router IN A 192.168.0.1 ; IP address for 'router'
+lithium IN A 192.168.0.196 ; my dev server
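Review bot: The NS record `@ IN NS ns.` points at the absolute single-label name `ns.`, while the SOA names `ns.home.` as primary and the zone has no address record for either. I would make them agree with `@ IN NS ns.home.` and add `ns IN A 192.168.0.196`. The `example.com. IN A 192.168.0.1 ; test` line is outside the `home` zone; named normally ignores out-of-zone data with a warning, but a leftover test record for someone else's domain should not ship in the zone file. The commented-out older zone at the top can go as well, and the serial needs a bump on every later edit.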
diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix
index 88ec4fb..721b8bf 100644
--- a/Biz/Dev/Networking.nix
+++ b/Biz/Dev/Networking.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, ... }:
let
ports = import ../Cloud/Ports.nix;
@@ -34,11 +34,19 @@ in {
ports.torrents
ports.httpdev
];
- allowedUDPPorts = [ ports.murmur ports.et ];
+ allowedUDPPorts = [
+ ports.dns
+ ports.et
+ ports.murmur
+ ];
allowedUDPPortRanges = [
ports.torrents
];
checkReversePath = false;
+ #extraCommands = lib.mkMerge [ (lib.mkAfter ''
+ # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p udp --dport 53 -i enp1s0 -j nixos-fw-accept
+ # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p tcp --dport 53 -i enp1s0 -j nixos-fw-accept
+ #'') ];
};
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
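Review bot: Adding `ports.dns` to `allowedUDPPorts` opens UDP 53 on every interface, while the rules that would limit it to `192.168.0.0/24` on `enp1s0` are left commented out. Scoping the port to the LAN interface gives the same restriction without raw iptables: `networking.firewall.interfaces.enp1s0.allowedUDPPorts = [ ports.dns ];`. The `allowedTCPPorts` list starts outside this hunk, so I cannot tell whether TCP 53 is open; it should be, scoped the same way, because truncated and DNSSEC-sized answers fall back to TCP. `lib` is now taken as an argument in the first hunk but is used only inside the commented block, so either enable that block or drop both.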