ready for runners

2025-06-06 23:32:17 +02:00 · 2025-06-06 23:32:17 +02:00 · 7dd5043b5d
commit 7dd5043b5d
parent fc9971ddc9
49 changed files with 2569 additions and 1085 deletions
--- a/nixos/hosts/dns/dnsmasq.nix
+++ b/nixos/hosts/dns/dnsmasq.nix
@ -0,0 +1,61 @@
+{
+  services.dnsmasq = {
+    enable = true;
+    alwaysKeepRunning = true;
+    settings = {
+      domain = "lab";
+      expand-hosts = true;
+      domain-needed = true;
+
+      # interface = "eth0";  # Replace with your real interface
+      bind-interfaces = true;
+
+      local = [
+        "/lab/"
+        "/procopius.dk/"
+      ];
+      bogus-priv = true;
+      no-resolv = true;
+
+      # no-hosts = true; # Prevent 127.0.0.2 etc from leaking in
+      server = [
+        "8.8.8.8"
+        "8.8.4.4"
+        "1.1.1.1"
+        "1.0.0.1"
+      ];
+
+      # Static DNS entry: map hostname to IP (without DHCP)
+      address = [
+        # Static IPs
+        "/dns.lab/192.168.1.53"
+        "/traefik.lab/192.168.1.80"
+        # "/proxmox-01.lab/192.168.1.205"
+        # "/nas-01.lab/192.168.1.226"
+
+        # Split Horizon DNS
+        "/procopius.dk/192.168.1.80"
+        "/.procopius.dk/192.168.1.80"
+      ];
+
+      cache-size = 10000;
+
+      dhcp-authoritative = true;
+      dhcp-range = "192.168.1.100,192.168.1.254,12h";
+      dhcp-host = "bc:24:11:58:f5:da,dns,192.168.1.53";
+      # "Use 192.168.1.53 as your DNS server."
+      dhcp-option = [
+        "option:router,192.168.1.1" # router
+        "option:dns-server,192.168.1.53" # DNS server (this VM)
+      ];
+
+      log-queries = true;
+      localise-queries = true;
+      log-async = true;
+      # log-facility = "/var/log/dnsmasq/dnsmasq.log";
+    };
+  };
+
+  services.prometheus.exporters.dnsmasq.enable = true;
+  services.prometheus.exporters.dnsmasq.openFirewall = true;
+}