ready for runners

2025-06-06 23:32:17 +02:00 · 2025-06-06 23:32:17 +02:00 · 7dd5043b5d
commit 7dd5043b5d
parent fc9971ddc9
49 changed files with 2569 additions and 1085 deletions
--- a/nixos/hosts/dns/dnsmasq.nix
+++ b/nixos/hosts/dns/dnsmasq.nix
@ -0,0 +1,61 @@
+{
+  services.dnsmasq = {
+    enable = true;
+    alwaysKeepRunning = true;
+    settings = {
+      domain = "lab";
+      expand-hosts = true;
+      domain-needed = true;
+
+      # interface = "eth0";  # Replace with your real interface
+      bind-interfaces = true;
+
+      local = [
+        "/lab/"
+        "/procopius.dk/"
+      ];
+      bogus-priv = true;
+      no-resolv = true;
+
+      # no-hosts = true; # Prevent 127.0.0.2 etc from leaking in
+      server = [
+        "8.8.8.8"
+        "8.8.4.4"
+        "1.1.1.1"
+        "1.0.0.1"
+      ];
+
+      # Static DNS entry: map hostname to IP (without DHCP)
+      address = [
+        # Static IPs
+        "/dns.lab/192.168.1.53"
+        "/traefik.lab/192.168.1.80"
+        # "/proxmox-01.lab/192.168.1.205"
+        # "/nas-01.lab/192.168.1.226"
+
+        # Split Horizon DNS
+        "/procopius.dk/192.168.1.80"
+        "/.procopius.dk/192.168.1.80"
+      ];
+
+      cache-size = 10000;
+
+      dhcp-authoritative = true;
+      dhcp-range = "192.168.1.100,192.168.1.254,12h";
+      dhcp-host = "bc:24:11:58:f5:da,dns,192.168.1.53";
+      # "Use 192.168.1.53 as your DNS server."
+      dhcp-option = [
+        "option:router,192.168.1.1" # router
+        "option:dns-server,192.168.1.53" # DNS server (this VM)
+      ];
+
+      log-queries = true;
+      localise-queries = true;
+      log-async = true;
+      # log-facility = "/var/log/dnsmasq/dnsmasq.log";
+    };
+  };
+
+  services.prometheus.exporters.dnsmasq.enable = true;
+  services.prometheus.exporters.dnsmasq.openFirewall = true;
+}
--- a/nixos/hosts/dns/host.nix
+++ b/nixos/hosts/dns/host.nix
@ -0,0 +1,9 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+  imports = [
+    ../../templates/base.nix
+    ./networking.nix
+    ./dnsmasq.nix
+  ];
+}
--- a/nixos/hosts/dns/networking.nix
+++ b/nixos/hosts/dns/networking.nix
@ -0,0 +1,19 @@
+{
+  networking.hostName = "dns";
+  # networking.useHostResolvConf = false;
+  # networking.interfaces.eth0.useDHCP = true;
+  networking.interfaces.eth0.ipv4.addresses = [{
+    address = "192.168.1.53";
+    prefixLength = 24;
+  }];
+
+  networking.defaultGateway = "192.168.1.1"; # your router
+  networking.nameservers = [ "8.8.8.8" ]; # fallback resolvers
+
+  networking.firewall.allowedTCPPorts = [ 53 67 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 53 67 ];
+
+  networking.hosts = {
+    "192.168.1.53" = [ "dns" "dns.lab" ];
+  };
+}