swann: enable coredns and use google public DNS over TLS
parent
c0a6e48970
commit
68deb62b38
1 changed files with 69 additions and 0 deletions
|
@ -135,14 +135,83 @@ in {
|
||||||
interfaces.ens-general = {
|
interfaces.ens-general = {
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
8080 6789 # Unifi
|
8080 6789 # Unifi
|
||||||
|
53 # DNS
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
3478 10001 # Unifi
|
3478 10001 # Unifi
|
||||||
|
53 # DNS
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = false;
|
||||||
|
protocol = "cloudflare";
|
||||||
|
domains = ["home.lukegb.com"];
|
||||||
|
zone = "lukegb.com";
|
||||||
|
password = secrets.cloudflareCredentials.token;
|
||||||
|
use = "if";
|
||||||
|
extraConfig = ''
|
||||||
|
if=ens-virginmedia
|
||||||
|
daemon=0
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
systemd.services.ddclient.serviceConfig.ExecStart = let
|
||||||
|
ddclient = pkgs.perlPackages.buildPerlPackage rec {
|
||||||
|
pname = "ddclient";
|
||||||
|
version = "3.9.1";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "ddclient";
|
||||||
|
repo = "ddclient";
|
||||||
|
rev = "11a583b003920f8e15591813598b70061d1a4654";
|
||||||
|
sha256 = "sha256:1xz09vkii3mc2jmfwx9is07i06iiryv51571vdnl4m5mdnvsmlwb";
|
||||||
|
};
|
||||||
|
outputs = [ "out" ];
|
||||||
|
doCheck = false;
|
||||||
|
buildInputs = with pkgs.perlPackages; [ IOSocketSSL DigestSHA1 DataValidateIP JSONPP ];
|
||||||
|
nativeBuildInputs = with pkgs; [ autoreconfHook makeWrapper ];
|
||||||
|
preConfigure = ''
|
||||||
|
touch Makefile.PL
|
||||||
|
'';
|
||||||
|
postInstall = ''
|
||||||
|
patchShebangs $out/bin/ddclient
|
||||||
|
wrapProgram $out/bin/ddclient \
|
||||||
|
--suffix PATH : ${lib.makeBinPath (with pkgs; [ pkgs.iproute ])} \
|
||||||
|
--prefix PERL5LIB : $PERL5LIB
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
RuntimeDirectory = "ddclient";
|
||||||
|
in lib.mkForce "${lib.getBin ddclient}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [];
|
environment.systemPackages = with pkgs; [];
|
||||||
|
|
||||||
|
services.coredns = {
|
||||||
|
enable = true;
|
||||||
|
config = ''
|
||||||
|
.:53 {
|
||||||
|
bind 192.168.1.1 127.0.0.53
|
||||||
|
acl {
|
||||||
|
allow net 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 127.0.0.0/8
|
||||||
|
block
|
||||||
|
}
|
||||||
|
loadbalance
|
||||||
|
forward . tls://8.8.8.8 tls://8.8.4.4 {
|
||||||
|
tls_servername dns.google
|
||||||
|
}
|
||||||
|
cache {
|
||||||
|
success 4096
|
||||||
|
denial 1024
|
||||||
|
prefetch 512
|
||||||
|
}
|
||||||
|
prometheus :9153
|
||||||
|
errors
|
||||||
|
log
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
networking.resolvconf.extraConfig = ''
|
||||||
|
name_servers='127.0.0.53'
|
||||||
|
'';
|
||||||
|
|
||||||
system.stateVersion = "21.03";
|
system.stateVersion = "21.03";
|
||||||
}
|
}
|
||||||
|
|
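Review bot: The `prometheus :9153` line in the CoreDNS config listens on every address, while the DNS listener itself is pinned with `bind 192.168.1.1 127.0.0.53`, so the metrics endpoint is kept off the uplink side only by firewall rules that are not visible in this hunk. Giving it an explicit address, e.g. `prometheus 127.0.0.1:9153` (or the LAN address if it is scraped from another host), would match the `bind` and `acl` restrictions already applied to port 53. Separately, `password = secrets.cloudflareCredentials.token;` is interpolated at evaluation time, so if `services.ddclient` is ever switched to `enable = true` the token will probably end up in a world-readable store path; a secret file read at service start would avoid that. The enclosing attribute set begins before the hunk, so other firewall or secret handling may exist outside this view.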