wireguard/home: Add dns server

This commit is contained in:
Simon Bruder 2021-02-20 19:56:33 +01:00
parent be7e67cf1f
commit 785bb2214b
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -1,4 +1,4 @@
{ lib, config, ... }: { lib, config, pkgs, ... }:
let let
serverHostName = "vueko"; serverHostName = "vueko";
peers = { peers = {
@ -72,11 +72,41 @@ in
networking.firewall = { networking.firewall = {
trustedInterfaces = [ "wg-home" ]; trustedInterfaces = [ "wg-home" ];
allowedUDPPorts = lib.optional enableServer 51820; allowedUDPPorts = lib.optionals enableServer [
51820
53
];
}; };
boot.kernel.sysctl = lib.optionalAttrs enableServer { boot.kernel.sysctl = lib.optionalAttrs enableServer {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
}; };
services.bind = lib.mkIf enableServer {
enable = true;
zones = lib.singleton {
name = "vpn.sbruder.de";
file =
let
# !!! very hacky
hexStringToInt = hex: (builtins.fromTOML "int = 0x${hex}").int;
peerRecords = lib.concatStrings
(lib.mapAttrsToList
(peer: peerConfig: ''
${peer} IN A ${peerConfig.address}
'')
peers);
peerRecordsHash = builtins.hashString "sha256" peerRecords;
serial = hexStringToInt (lib.substring 0 8 peerRecordsHash);
in
pkgs.writeText "vpn.sbruder.de.zone" (''
$TTL 3600
@ IN SOA ${serverHostName}.sbruder.de. hostmaster.sbruder.de. ${toString serial} 28800 3600 604800 3600
@ IN NS ${serverHostName}.sbruder.de.
'' + peerRecords);
};
};
}; };
} }
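Review bot: The `53` added to `allowedUDPPorts` opens the new BIND instance on every interface, not only the VPN, although peers on `wg-home` already reach it through `trustedInterfaces = [ "wg-home" ]` and need no extra firewall rule. If the resolver is meant for VPN clients only, scope the opening with `networking.firewall.interfaces.wg-home.allowedUDPPorts = [ 53 ];` (or drop it) and consider pinning `services.bind.listenOn` to the VPN address so the zone is not served on the public interface; as written, the default `listenOn` of the module appears to bind everywhere. Only UDP is opened, so a client whose answer is truncated cannot fall back to TCP; if public exposure is intended, open 53 on both protocols deliberately rather than by omission. The hash-derived SOA serial under `# !!! very hacky` is not monotonic, which is harmless without secondaries but would break zone transfers if any are added later — worth saying so in that comment.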