Commit 107abcb5b96b
Changed files (2)
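--- a/machine/kobe.nix
+++ b/machine/kobe.nix
@@ -5,7 +5,11 @@ with import ../assets/machines.nix; {
 boot = {
 cleanTmpDir = true;
 };
-networking.firewall.allowPing = true;
+networking.firewall = {
+allowPing = true;
+allowedUDPPorts = [ 53 ];
+allowedTCPPorts = [ 53 ];
+};
 nix = {
 distributedBuilds = true;
 buildMachines = [{
@@ -23,10 +27,43 @@ with import ../assets/machines.nix; {
 ssh.enable = true;
 };
 services = {
+bind = {
+enable = true;
+forwarders = [ "8.8.8.8" "8.8.4.4" ];
+cacheNetworks = [ "192.168.12.0/24" "127.0.0.0/8" "10.100.0.0/24" ];
+zones = [
+{
+# home
+name = "home";
+slaves = [];
+file = ../assets/db.home;
+}
+{
+# home.reverse
+name = "192.168.12.in-addr.arpa";
+slaves = [];
+file = ../assets/db.192.168.12;
+}
+{
+# vpn
+name = "vpn";
+slaves = [];
+file = ../assets/db.vpn;
+}
+{
+# vpn.reverse
+name = "10.100.0.in-addr.arpa";
+slaves = [];
+file = ../assets/db.10.100.0;
+}
+];
+};
+/*
 coredns = {
 enable = true;
 names = dns;
 };
+*/
 wireguard = {
 enable = true;
 ips = [ "${wireguard.ips.kobe}/24" ];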
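Review bot: Port 53 is opened in `networking.firewall` (first hunk) on every interface, while the `bind` block in the second hunk restricts only recursion through `cacheNetworks`. As far as I know the NixOS module still answers queries for the configured zones from any source, so if kobe has an interface outside 192.168.12.0/24 and 10.100.0.0/24, the `home`, `vpn` and reverse zones would be readable from there. Consider scoping the ports per interface, e.g. `networking.firewall.interfaces."<lan-or-vpn-iface>".allowedUDPPorts = [ 53 ];` (and the same for `allowedTCPPorts`; the interface name is a placeholder), or setting `services.bind.listenOn` to the internal addresses. A one-line comment above `forwarders` noting that cache misses from LAN and VPN clients are sent to public resolvers would document that trade-off. The `services` attribute set continues past the end of this hunk.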
modules/services/coredns.nix
@@ -102,7 +102,6 @@ in
};
systemd.packages = [ cfg.package ];
- # NEW
environment.etc = toNSFile cfg.names
// toReverseNSFile cfg.names
// toCorefile cfg.names;