Simon Bruder
ebfa0ec16a
Sadly, they are so interconnected that it is not easily possible to migrate them in smaller steps. It should be refactored to make them more modularised and independent of each other.
# NixOS module: runs dnsmasq as DNS forwarder and DHCP server for the
# 192.168.100.x network, exposes its metrics through the Prometheus dnsmasq
# exporter and opens the DNS/DHCP ports in the host firewall.
{ config, lib, pkgs, ... }:

let
  # Unit that dnsmasq is ordered after and pulls in (see the systemd override).
  networkOnline = [ "network-online.target" ];
in
{
  services.dnsmasq = {
    enable = true;

    # Upstream resolvers. Because `no-resolv` is set below, these (plus the
    # per-domain `server=` entry) are the only places queries are forwarded to.
    # No `dnssec` option is set in this file, so dnsmasq does not validate the
    # answers itself, and the queries leave the host as plain DNS.
    servers = [
      "9.9.9.9" # dns.quad9.net
      "2620:fe::fe"
      "194.150.168.168" # dns.as250.net
    ];

    # Raw dnsmasq configuration.
    #  - bogus-priv / domain-needed keep private reverse lookups and bare
    #    host names from being forwarded to the upstream resolvers.
    #  - local-service is the only restriction on who may query this resolver:
    #    the firewall rule at the bottom opens port 53 on every interface.
    #    Per the dnsmasq man page it has no effect once `interface`,
    #    `except-interface`, `listen-address` or `auth-server` is configured,
    #    so adding one of those later needs an explicit replacement.
    #  - names under fritz.box are forwarded to 192.168.100.1, which is also
    #    the router handed out to DHCP clients.
    #  - DHCP leases come from 192.168.100.20-192.168.100.150 and last 12h.
    extraConfig = ''
      bogus-priv # do not forward revese lookups of internal addresses
      domain-needed # do not forward names without domain
      local-service # only respond to queries from local network
      no-hosts # do not resolve hosts from /etc/hosts
      no-resolv # only use explicitly configured resolvers

      cache-size=10000

      server=/fritz.box/192.168.100.1

      domain=home.sbruder.de

      dhcp-range=192.168.100.20,192.168.100.150,12h
      dhcp-option=option:router,192.168.100.1
    '';
  };

  # `local-service` needs the network interface to carry all of its addresses
  # when dnsmasq starts, so start only once the network is reported online.
  # If dnsmasq came up earlier, the set of subnets it treats as local could be
  # incomplete.
  systemd.services.dnsmasq.wants = networkOnline;
  systemd.services.dnsmasq.after = networkOnline;

  services.prometheus.exporters.dnsmasq = {
    enable = true;
    # The exporter reads the DHCP lease file written by dnsmasq.
    leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
    # NOTE(review): 0.0.0.0 binds the exporter on every IPv4 interface. This
    # file does not open the exporter's port in the firewall (only 53 and 67
    # are listed below, and `openFirewall` is not set here), so whether other
    # hosts can reach it depends on rules defined elsewhere. If the scraping
    # Prometheus always connects to one fixed address, bind to that instead.
    listenAddress = "0.0.0.0";
  };

  # 53/tcp + 53/udp: DNS, 67/udp: DHCP server.
  # NOTE(review): these ports are opened on every interface. If this host ever
  # gets an interface on an untrusted network, scope them with
  # `networking.firewall.interfaces.<name>` rather than the global lists.
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 67 ];
  };
}