{ pkgs, ... }:
let
  # Directory that holds the event-network lease database. The
  # "dnsmasq-events" unit creates it (mode 755) in its preStart step.
  stateDir = "/var/lib/dnsmasq";

  # Configuration file for the second dnsmasq instance, which serves the
  # event network. Directive by directive:
  #   dhcp-leasefile     lease database kept under stateDir
  #   bind-dynamic,
  #   listen-address     answer only on 10.10.0.1
  #   except-interface   never listen on loopback
  #   domain             DNS domain handed to event clients
  #   dhcp-range         pool 10.10.0.20 - 10.10.15.254, 24h leases; no
  #                      netmask is given, so it is taken from the interface
  #                      (presumably a /20 - confirm)
  #   cache-size,
  #   dns-forward-max    DNS cache entries / concurrent forwarded queries
  #   no-hosts           do not serve names from /etc/hosts
  #
  # NOTE(review): there is no server= line, so this instance forwards to
  # whatever the system resolver configuration lists. If that is the
  # loopback instance that also serves lab.fablab-nea.de, clients on the
  # event network may be able to resolve lab-internal names - confirm
  # that this is intended.
  dnsmasqEventsConf = pkgs.writeText "dnsmasq-events.conf" ''
    dhcp-leasefile=${stateDir}/dnsmasq-events.leases
    bind-dynamic
    listen-address=10.10.0.1
    except-interface=lo

    domain=events.fablab-nea.de
    dhcp-range=10.10.0.20,10.10.15.254,24h

    cache-size=10000
    dns-forward-max=1000

    no-hosts
  '';
in
{
# Primary dnsmasq instance: DNS and DHCP for the voice (192.168.93.0/24)
# and lab (192.168.94.0/24) networks, plus an authoritative zone.
services.dnsmasq.enable = true;
services.dnsmasq.settings = {
  # --- Where to listen -----------------------------------------------------
  # With bind-dynamic, dnsmasq serves the union of the listed addresses and
  # the listed interface (loopback).
  bind-dynamic = true;
  interface = "lo";
  listen-address = [ "192.168.93.1" "192.168.94.1" ];

  # --- Upstream resolvers --------------------------------------------------
  # Queries are forwarded in plain DNS and no dnssec setting is present, so
  # answers are trusted as received from these hosts.
  # NOTE(review): confirm each address still belongs to the resolver named
  # in its trailing comment (the first entry in particular); a forwarder
  # that is not the intended one sees and answers every lab query.
  server = [
    "142.250.185.78" # dns.as250.net
    "2001:470:20::2" # ordns.he.net
    "74.82.42.42" # ordns.he.net
  ];
  cache-size = 10000;
  dns-forward-max = 1000;

  # --- DHCP ----------------------------------------------------------------
  # Two pools, tagged "voice" and "lab", with 4h leases.
  dhcp-range = [
    "set:voice,192.168.93.20,192.168.93.254,4h"
    "set:lab,192.168.94.20,192.168.94.254,4h"
  ];
  # Network-boot clients are pointed at lpxelinux.0 on raven (192.168.94.1).
  # PXE/TFTP carries no authentication, so any host able to answer DHCP on
  # these segments could redirect booting machines.
  dhcp-boot = "lpxelinux.0,raven,192.168.94.1";

  # --- Local names ---------------------------------------------------------
  # /etc/hosts is ignored; only the generated file below is served, and
  # expand-hosts appends the domain to its unqualified names.
  domain = "lab.fablab-nea.de";
  expand-hosts = true;
  no-hosts = true;
  addn-hosts = "${pkgs.writeText "hosts.dnsmasq" ''
    192.168.94.1 raven labsync unifi
    192.168.94.2 switch
    192.168.94.3 schneiderscheune-weinturm-ap
    192.168.94.4 schneiderscheune-weinturm-sta
    192.168.94.5 wechselbruecke-router
    192.168.94.6 wechselbruecke-ap
    192.168.94.7 helferbereich-sta
    192.168.94.8 helferbereich-switch
    192.168.94.9 kleinturmbuehne-router
  ''}";

  # --- Authoritative zone --------------------------------------------------
  # dnsmasq answers authoritatively for lab.fablab-nea.de on 78.47.224.251,
  # limited to records inside 192.168.94.0/24.
  # NOTE(review): this makes the infrastructure names above (and presumably
  # DHCP lease names in that subnet) resolvable by anyone who can query that
  # address, which discloses internal naming and addressing - confirm that
  # this is intended.
  auth-zone = "lab.fablab-nea.de,192.168.94.0/24";
  auth-server = "lab.fablab-nea.de,78.47.224.251";
};
# Hand-written unit for a second dnsmasq process that serves the public
# event network from the generated dnsmasqEventsConf file.
systemd.services."dnsmasq-events" = {
  description = "dnsmasq daemon for public event network";
  wantedBy = [ "multi-user.target" ];
  after = [ "network.target" ];
  path = [ pkgs.dnsmasq ];

  # Create the lease directory, then let dnsmasq syntax-check the config so
  # that an invalid file stops the unit before the daemon is launched.
  preStart = ''
    mkdir -m 755 -p ${stateDir}
    dnsmasq --test -C ${dnsmasqEventsConf}
  '';

  serviceConfig = {
    # No User= is set, so systemd launches the process as root; dnsmasq is
    # told to switch to the "dnsmasq" account itself via --user.
    ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqEventsConf}";
    # SIGHUP asks the running daemon to reload.
    ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
    Restart = "on-failure";

    # With Type=dbus, systemd treats the unit as started once BusName has
    # been acquired on the bus.
    # NOTE(review): ExecStart passes --enable-dbus without a name; dnsmasq
    # accepts --enable-dbus=<service-name> to choose one. Confirm that the
    # daemon really registers this BusName and that the system bus policy
    # allows it; otherwise start-up would wait for a name that never appears.
    Type = "dbus";
    BusName = "uk.org.thekelleys.dnsmasq-events";

    # Sandboxing: private /tmp, read-only /usr and boot loader directories,
    # home directories made inaccessible.
    # NOTE(review): this daemon faces a public network; stricter settings
    # such as ProtectSystem = "strict" with an explicit writable state
    # directory, NoNewPrivileges and a reduced CapabilityBoundingSet are
    # worth evaluating, after testing that DHCP and DNS still work.
    PrivateTmp = true;
    ProtectSystem = true;
    ProtectHome = true;
  };
};
# Firewall openings for the dnsmasq instances in this file: DNS on 53
# (UDP and TCP) and the DHCP server port 67 (UDP).
# NOTE(review): these lists apply to every interface, so both ports are also
# reachable on the uplink. DNS on 53 is presumably needed there for the
# authoritative zone, but DHCP is not; consider moving 67/udp (and 53 where
# possible) to networking.firewall.interfaces.<name>.allowedUDPPorts /
# allowedTCPPorts for the lab, voice and event interfaces only.
networking.firewall.allowedUDPPorts = [ 53 67 ];
networking.firewall.allowedTCPPorts = [ 53 ];
}