# NixOS module fragment that runs two dnsmasq instances:
#   * the stock `services.dnsmasq` unit, serving DNS/DHCP for the
#     192.168.93.0 ("voice") and 192.168.94.0 ("lab") ranges, and
#   * a hand-written `dnsmasq-events` unit for the public event network
#     on 10.10.0.1.
{ pkgs, ... }:

let
  # Directory holding the lease file of the events instance.
  dnsmasqStateDir = "/var/lib/dnsmasq";

  # Upstream resolvers the lab/voice instance forwards to (order preserved).
  # NOTE(review): 142.250.185.78 does not look like an address inside AS250's
  # space - confirm it really is the resolver the label names. A stale entry
  # here hands every forwarded query to whoever answers on that address.
  upstreamResolvers = [
    "142.250.185.78" # dns.as250.net
    "2001:470:20::2" # ordns.he.net
    "74.82.42.42" # ordns.he.net
  ];

  # Static name/address table for the lab network, loaded through `addn-hosts`.
  labHostsFile = pkgs.writeText "hosts.dnsmasq" ''
    192.168.94.1 raven labsync unifi
    192.168.94.2 switch
    192.168.94.3 schneiderscheune-weinturm-ap
    192.168.94.4 schneiderscheune-weinturm-sta
    192.168.94.5 wechselbruecke-router
    192.168.94.6 wechselbruecke-ap
    192.168.94.7 helferbereich-sta
    192.168.94.8 helferbereich-switch
    192.168.94.9 kleinturmbuehne-router
  '';

  # Complete configuration file of the events instance. It listens on
  # 10.10.0.1 only and skips loopback, which the lab/voice instance claims
  # through `interface = "lo"`.
  eventsConf = pkgs.writeText "dnsmasq-events.conf" ''
    dhcp-leasefile=${dnsmasqStateDir}/dnsmasq-events.leases
    bind-dynamic
    listen-address=10.10.0.1
    except-interface=lo
    domain=events.fablab-nea.de
    dhcp-range=10.10.0.20,10.10.15.254,24h
    cache-size=10000
    dns-forward-max=1000
    no-hosts
  '';
in
{
  # --- lab / voice instance (stock NixOS dnsmasq module) -------------------
  services.dnsmasq.enable = true;
  services.dnsmasq.settings = {
    server = upstreamResolvers;

    # Listener selection.
    bind-dynamic = true;
    interface = "lo";
    listen-address = [
      "192.168.93.1"
      "192.168.94.1"
    ];

    # Naming: /etc/hosts is ignored (`no-hosts`); only the table above is used.
    domain = "lab.fablab-nea.de";
    expand-hosts = true;
    no-hosts = true;
    addn-hosts = "${labHostsFile}";

    # Authoritative mode for the lab zone, answered on 78.47.224.251.
    # NOTE(review): presumably this makes the lab host names and their
    # 192.168.94.0/24 addresses resolvable by anyone who can query that
    # address - confirm this exposure is intended.
    auth-zone = "lab.fablab-nea.de,192.168.94.0/24";
    auth-server = "lab.fablab-nea.de,78.47.224.251";

    # DHCP pools, tagged per network, with 4h leases.
    dhcp-range = [
      "set:voice,192.168.93.20,192.168.93.254,4h"
      "set:lab,192.168.94.20,192.168.94.254,4h"
    ];
    # Network boot: file lpxelinux.0 from server "raven" at 192.168.94.1.
    dhcp-boot = "lpxelinux.0,raven,192.168.94.1";

    # Resolver sizing.
    cache-size = 10000;
    dns-forward-max = 1000;
  };

  # --- events instance (separate hand-written unit) ------------------------
  systemd.services."dnsmasq-events" = {
    description = "dnsmasq daemon for public event network";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    path = [ pkgs.dnsmasq ];

    # Create the lease directory and syntax-check the generated config, so a
    # broken config stops the start instead of launching the daemon.
    preStart = ''
      mkdir -m 755 -p ${dnsmasqStateDir}
      dnsmasq --test -C ${eventsConf}
    '';

    serviceConfig = {
      # NOTE(review): BusName ends in "-events", but --enable-dbus is passed
      # without a name, so dnsmasq requests its default bus name
      # (uk.org.thekelleys.dnsmasq). With Type=dbus systemd waits for BusName
      # to show up on the bus - confirm this unit actually reaches "active".
      # If not, pass the name as --enable-dbus=<name> and ship a D-Bus policy
      # that lets the dnsmasq user own it.
      Type = "dbus";
      BusName = "uk.org.thekelleys.dnsmasq-events";
      ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${eventsConf}";
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      Restart = "on-failure";

      # Sandboxing currently applied to the daemon.
      PrivateTmp = true;
      ProtectHome = true;
      ProtectSystem = true;
    };
  };

  # DNS (53/udp, 53/tcp) and DHCP (67/udp).
  # NOTE(review): these lists open the ports on every interface. Port 53 has
  # to be reachable on the auth-server address, but DHCP on 67/udp presumably
  # only matters on the internal and event interfaces - consider scoping it
  # with networking.firewall.interfaces.<name>.allowedUDPPorts.
  networking.firewall.allowedUDPPorts = [
    53
    67
  ];
  networking.firewall.allowedTCPPorts = [ 53 ];
}