Diffstat (limited to 'Biz')
-rw-r--r-- | Biz/Cloud/Ports.nix | 1 | ||||
-rw-r--r-- | Biz/Dev.nix | 1 | ||||
-rw-r--r-- | Biz/Dev/Configuration.nix | 14 | ||||
-rw-r--r-- | Biz/Dev/Dns.nix | 36 | ||||
-rw-r--r-- | Biz/Dev/Home.zone | 23 | ||||
-rw-r--r-- | Biz/Dev/Networking.nix | 12 |
6 files changed, 72 insertions, 15 deletions
diff --git a/Biz/Cloud/Ports.nix b/Biz/Cloud/Ports.nix index 049ca13..18c5f3a 100644 --- a/Biz/Cloud/Ports.nix +++ b/Biz/Cloud/Ports.nix @@ -3,6 +3,7 @@ bitcoind = 8333; dandel-rovbur = 8080; delugeWeb = 8112; + dns = 53; dragons = 8095; et = 2022; gemini = 1965; diff --git a/Biz/Dev.nix b/Biz/Dev.nix index c31b004..6be4856 100644 --- a/Biz/Dev.nix +++ b/Biz/Dev.nix @@ -11,6 +11,7 @@ bild.os { ./Dev/Hardware.nix ./Dev/Hoogle.nix ./Dev/Networking.nix + ./Dev/Dns.nix #./Dev/Wireguard.nix # this changed in the upgrade and I can't find docs ./Dragons.nix # ./Dev/Guix.nix # I need to package a bunch of guile libs first diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix index 3560952..4e0a5f8 100644 --- a/Biz/Dev/Configuration.nix +++ b/Biz/Dev/Configuration.nix @@ -50,7 +50,7 @@ in { virtualisation.docker.enable = true; virtualisation.docker.liveRestore = false; - virtualisation.libvirtd.enable = true; + virtualisation.libvirtd.enable = false; virtualisation.virtualbox.host.enable = false; virtualisation.virtualbox.host.headless = false; virtualisation.virtualbox.host.addNetworkInterface = false; @@ -96,18 +96,6 @@ in { services.deluge.openFilesLimit = 10240; services.deluge.web.enable = true; - services.dnsmasq.enable = true; - services.dnsmasq.servers = [ "8.8.8.8" ]; - services.dnsmasq.resolveLocalQueries = true; - services.dnsmasq.extraConfig = '' - local=/home/ - cache-size=5000 - ''; - networking.extraHosts = '' - 192.168.0.1 router.home - 192.168.0.196 lithium.home - ''; - services.printing.enable = true; services.murmur.enable = true; diff --git a/Biz/Dev/Dns.nix b/Biz/Dev/Dns.nix new file mode 100644 index 0000000..e64e114 --- /dev/null +++ b/Biz/Dev/Dns.nix 
@@ -0,0 +1,36 @@ +{ config, lib, pkgs, ... }: + + + +{ + services.bind = { + enable = true; + forwarders = [ + "8.8.8.8" + "1.1.1.1" + ]; + cacheNetworks = [ + "127.0.0.0/8" + "192.168.0.0/24" + ]; + extraConfig = '' + ''; + extraOptions = '' + dnssec-validation auto; + ''; + zones = [ + { + master = true; + name = "home"; + slaves = []; + file = ./Home.zone; + } + ]; + }; + + #networking.extraHosts = '' + # 192.168.0.1 router.home + # 192.168.0.196 lithium.home + #''; + +} diff --git a/Biz/Dev/Home.zone b/Biz/Dev/Home.zone new file mode 100644 index 0000000..86d4919 --- /dev/null +++ b/Biz/Dev/Home.zone @@ -0,0 +1,23 @@ +;$TTL 3D +;@ IN SOA home. hostmaster ( +; 1 ; serial +; 8H ; refresh +; 2H ; retry +; 4W ; expire +; 1D) ; min ttl +; IN NS ns.home. +;home. IN A 192.168.0.196 +;router IN A 192.168.0.196 +; +$TTL 1D +@ IN SOA ns.home. hostmaster ( + 3 ; Serial + 604800 ; Refresh + 86400 ; Retry + 2419200 ; Expire + 604800 ) ; Minimum +@ IN NS ns. ; Name Server for the domain +@ IN A 192.168.0.196 ; +example.com. IN A 192.168.0.1 ; test +router IN A 192.168.0.1 ; IP address for 'router' +lithium IN A 192.168.0.196 ; my dev server diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix index 88ec4fb..721b8bf 100644 --- a/Biz/Dev/Networking.nix +++ b/Biz/Dev/Networking.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, ... }: let ports = import ../Cloud/Ports.nix; @@ -34,11 +34,19 @@ in { ports.torrents ports.httpdev ]; - allowedUDPPorts = [ ports.murmur ports.et ]; + allowedUDPPorts = [ + ports.dns + ports.et + ports.murmur + ]; allowedUDPPortRanges = [ ports.torrents ]; checkReversePath = false; + #extraCommands = lib.mkMerge [ (lib.mkAfter '' + # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p udp --dport 53 -i enp1s0 -j nixos-fw-accept + # iptables -w -t filter -A nixos-fw -s 192.168.0.0/24 -p tcp --dport 53 -i enp1s0 -j nixos-fw-accept + #'') ]; }; # The global useDHCP flag is deprecated, therefore explicitly set to false here. |
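Review bot: The new Dns.nix module has no comment saying what it is for, and it carries two pieces of dead configuration: the empty `extraConfig = '' '';` and the commented-out `networking.extraHosts` block at the end. Both can be dropped, since the `home` zone file now holds those two host names. A header comment such as `# Caching resolver for 192.168.0.0/24, authoritative for the internal "home" zone (replaces dnsmasq).` would record the intent. The 192.168.0.0/24 subnet in `cacheNetworks` is also hard-coded in the commented firewall rule in Networking.nix; a shared `let` binding would keep the two in step.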
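Review bot: The record `@ IN NS ns.` in Home.zone names the root-level host `ns.`, which matches neither the SOA MNAME `ns.home.` nor any address record in the file, so the zone's name server has no address to resolve to. Presumably the intent was `@ IN NS ns.home.` together with `ns IN A 192.168.0.196`, the address the file gives for the dev server. The `example.com. IN A 192.168.0.1 ; test` line lies outside the `home` origin; named is expected to ignore it as out-of-zone data, so it should be removed rather than shipped as a test leftover. The commented-out earlier zone at the top of the file can go as well.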
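Review bot: In Networking.nix, `ports.dns` is added to the global `allowedUDPPorts`, so 53/udp is accepted on every interface while the source- and interface-restricted rules just below stay commented out. That leaves BIND's own ACL (`cacheNetworks` in Dns.nix) as the only restriction on who may query the server. Scoping the port to the LAN interface named in the commented rule would be tighter, for example `interfaces.enp1s0.allowedUDPPorts = [ ports.dns ];` and `interfaces.enp1s0.allowedTCPPorts = [ ports.dns ];`, assuming this block is `networking.firewall`; it starts above the hunk. Only the tail of the TCP list is visible here; if it lacks `ports.dns`, clients cannot retry truncated answers over TCP. The `lib` argument added in this file's first hunk is used only by the commented-out `extraCommands`.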