v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

nixos: cleanup

Browse source
This commit is contained in:
Vivian 2021-11-21 21:56:17 +01:00
parent a967b6ab05
commit 8f0eb95dda
7 changed files with 31 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

14
nixos/hosts/dns/configuration.nix
View file

@ -1,7 +1,8 @@
{ config, pkgs, hosts, ... }:
let
let
inherit (builtins) filter hasAttr;
localdomain = "olympus";
ipv6Hosts = builtins.filter (builtins.hasAttr ip6) hosts;
ipv6Hosts = filter (hasAttr "ip6") hosts;
localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
@ -21,13 +22,14 @@ in {
system.stateVersion = "21.11"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [ dig ];
environment.systemPackages = with pkgs; [ dig dog drill ];
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
services.unbound = {
enable = true;
package = pkgs.v.unbound;
settings = {
server = {
use-syslog = "yes";
@ -37,7 +39,7 @@ in {
local-zone = ''"${localdomain}." transparent'';
local-data = (map localData hosts) ++ (map local6Data ipv6Hosts);
local-data-ptr = (map ptrData hosts);
local-data-ptr = (map ptrData hosts) ++ (map ptr6Data ipv6Hosts);
access-control = [
"127.0.0.1/32 allow_snoop"
@ -61,10 +63,6 @@ in {
"fe80::/10"
];
};
# forward-zone = {
# name = ''"."'';
# forward-addr = [ "8.8.8.8" "9.9.9.9" ];
# };
};
};
}