wireguard/home: Add dns server

2021-02-20 19:56:33 +01:00 · 2021-02-20 19:56:33 +01:00 · 785bb2214b
parent be7e67cf1f
commit 785bb2214b
1 changed files with 32 additions and 2 deletions
--- a/modules/wireguard/home.nix
+++ b/modules/wireguard/home.nix
@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ lib, config, pkgs, ... }:
 let
  serverHostName = "vueko";
  peers = {
@ -72,11 +72,41 @@ in

    networking.firewall = {
      trustedInterfaces = [ "wg-home" ];
-      allowedUDPPorts = lib.optional enableServer 51820;
+      allowedUDPPorts = lib.optionals enableServer [
+        51820
+        53
+      ];
    };

    boot.kernel.sysctl = lib.optionalAttrs enableServer {
      "net.ipv4.ip_forward" = 1;
    };
+
+    services.bind = lib.mkIf enableServer {
+      enable = true;
+      zones = lib.singleton {
+        name = "vpn.sbruder.de";
+        file =
+          let
+            # !!! very hacky
+            hexStringToInt = hex: (builtins.fromTOML "int = 0x${hex}").int;
+
+            peerRecords = lib.concatStrings
+              (lib.mapAttrsToList
+                (peer: peerConfig: ''
+                  ${peer} IN A ${peerConfig.address}
+                '')
+                peers);
+
+            peerRecordsHash = builtins.hashString "sha256" peerRecords;
+            serial = hexStringToInt (lib.substring 0 8 peerRecordsHash);
+          in
+          pkgs.writeText "vpn.sbruder.de.zone" (''
+            $TTL 3600
+            @ IN SOA ${serverHostName}.sbruder.de. hostmaster.sbruder.de. ${toString serial} 28800 3600 604800 3600
+            @ IN NS ${serverHostName}.sbruder.de.
+          '' + peerRecords);
+      };
+    };
  };
 }