fuuko: Add dnsmasq

2021-03-06 17:11:36 +01:00 · 2021-03-06 17:11:36 +01:00 · 0c081d9805
parent 786edd1caf
commit 0c081d9805
2 changed files with 38 additions and 0 deletions
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@ -5,6 +5,7 @@
    ../../modules
    ../../users/simon

+    ./services/dnsmasq.nix
    ./services/grafana.nix
    ./services/media.nix
    ./services/prometheus.nix
--- a/machines/fuuko/services/dnsmasq.nix
+++ b/machines/fuuko/services/dnsmasq.nix
@ -0,0 +1,37 @@
+{ config, lib, ... }:
+
+{
+  services.dnsmasq = {
+    enable = true;
+
+    extraConfig = ''
+      bogus-priv # do not forward revese lookups of internal addresses
+      domain-needed # do not forward names without domain
+      local-service # only respond to queries from local network
+      no-hosts # do not resolve hosts from /etc/hosts
+      no-resolv # only use explicitly configured resolvers
+
+      server=/fritz.box/192.168.100.1
+
+      domain=home.sbruder.de
+
+      dhcp-range=192.168.100.20,192.168.100.150,12h
+      dhcp-option=option:router,192.168.100.1
+    '';
+    servers = [
+      # Digitalcourage
+      "46.182.19.48"
+      "2a02:2970:1002::18"
+
+      # Hurricane Electric
+      "74.82.42.42"
+      "2001:470:20::2"
+
+      # AS250
+      "194.150.168.168"
+      "2001:4ce8::53"
+    ];
+  };
+
+  networking.firewall.allowedUDPPorts = [ 53 67 ];
+}