From 0c081d98050f97702d007c6cad4c431611242109 Mon Sep 17 00:00:00 2001
From: Simon Bruder <simon@sbruder.de>
Date: Sat, 6 Mar 2021 17:11:36 +0100
Subject: [PATCH] fuuko: Add dnsmasq

---
 machines/fuuko/configuration.nix    |  1 +
 machines/fuuko/services/dnsmasq.nix | 37 +++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 machines/fuuko/services/dnsmasq.nix

diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix
index 98961b6..1bc9199 100644
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@@ -5,6 +5,7 @@
     ../../modules
     ../../users/simon
 
+    ./services/dnsmasq.nix
     ./services/grafana.nix
     ./services/media.nix
     ./services/prometheus.nix
diff --git a/machines/fuuko/services/dnsmasq.nix b/machines/fuuko/services/dnsmasq.nix
new file mode 100644
index 0000000..ca34497
--- /dev/null
+++ b/machines/fuuko/services/dnsmasq.nix
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+
+{
+  services.dnsmasq = {
+    enable = true;
+
+    extraConfig = ''
+      bogus-priv # do not forward revese lookups of internal addresses
+      domain-needed # do not forward names without domain
+      local-service # only respond to queries from local network
+      no-hosts # do not resolve hosts from /etc/hosts
+      no-resolv # only use explicitly configured resolvers
+
+      server=/fritz.box/192.168.100.1
+
+      domain=home.sbruder.de
+
+      dhcp-range=192.168.100.20,192.168.100.150,12h
+      dhcp-option=option:router,192.168.100.1
+    '';
+    servers = [
+      # Digitalcourage
+      "46.182.19.48"
+      "2a02:2970:1002::18"
+
+      # Hurricane Electric
+      "74.82.42.42"
+      "2001:470:20::2"
+
+      # AS250
+      "194.150.168.168"
+      "2001:4ce8::53"
+    ];
+  };
+
+  networking.firewall.allowedUDPPorts = [ 53 67 ];
+}