nix-gscheits/machines/raven/services/dnsmasq.nix
2023-07-13 23:20:41 +00:00


{ pkgs, ... }:
let
# Directory that holds the lease database of the event-network instance.
# The unit's preStart creates it with mode 755.
stateDir = "/var/lib/dnsmasq";

# Stand-alone dnsmasq configuration for the public event network.
# It is rendered into the Nix store and passed to the daemon with -C.
#
# - bind-dynamic + listen-address: only 10.10.0.1 is served, and
#   except-interface=lo keeps this instance off the loopback interface.
# - dhcp-range carries no explicit netmask, so dnsmasq takes it from the
#   interface that owns 10.10.0.1.
# - No server= lines are set here, so upstream resolvers are not pinned
#   in this file.
#   NOTE(review): presumably they come from the system resolv.conf —
#   confirm that this is the intended resolution path for guest clients,
#   in particular if it leads to the lab instance and its internal names.
dnsmasqEventsConf = pkgs.writeText "dnsmasq-events.conf" ''
  dhcp-leasefile=${stateDir}/dnsmasq-events.leases
  bind-dynamic
  listen-address=10.10.0.1
  except-interface=lo
  domain=events.fablab-nea.de
  dhcp-range=10.10.0.20,10.10.15.254,24h
  cache-size=10000
  dns-forward-max=1000
  no-hosts
'';
in
{
# Lab-network dnsmasq instance: DNS forwarder, DHCP server and PXE boot
# pointer for 192.168.93.0/24 and 192.168.94.0/24, plus an authoritative
# zone for lab.fablab-nea.de.
services.dnsmasq =
  let
    # Static name-to-address table for lab infrastructure. /etc/hosts is
    # ignored (no-hosts), so these are the only fixed names served.
    labHosts = pkgs.writeText "hosts.dnsmasq" ''
      192.168.94.1 raven labsync unifi
      192.168.94.2 switch
      192.168.94.3 schneiderscheune-weinturm-ap
      192.168.94.4 schneiderscheune-weinturm-sta
    '';
  in
  {
    enable = true;
    settings = {
      # --- Listening -----------------------------------------------------
      # Serve the two lab gateway addresses and loopback only.
      bind-dynamic = true;
      interface = "lo";
      listen-address = [
        "192.168.93.1"
        "192.168.94.1"
      ];

      # --- Upstream resolution -------------------------------------------
      # NOTE(review): confirm each address still belongs to the resolver
      # named in its trailing comment; a stale entry sends every lab query
      # to a host nobody chose.
      server = [
        "142.250.185.78" # dns.as250.net
        "2001:470:20::2" # ordns.he.net
        "74.82.42.42" # ordns.he.net
      ];
      cache-size = 10000;
      dns-forward-max = 1000;

      # --- Local names ---------------------------------------------------
      domain = "lab.fablab-nea.de";
      expand-hosts = true;
      no-hosts = true;
      addn-hosts = "${labHosts}";

      # --- DHCP and network boot -----------------------------------------
      dhcp-range = [
        "192.168.93.20,192.168.93.254,4h"
        "192.168.94.20,192.168.94.254,4h"
      ];
      # PXE clients are pointed at 192.168.94.1 for lpxelinux.0. Network
      # boot hands out an unauthenticated boot image, so its integrity
      # rests on who can answer DHCP/TFTP on these segments.
      dhcp-boot = "lpxelinux.0,raven,192.168.94.1";

      # --- Authoritative zone --------------------------------------------
      # NOTE(review): presumably 78.47.224.251 is reachable from outside
      # the lab; if so, names with addresses in 192.168.94.0/24 become
      # resolvable from there. Confirm that publishing the internal host
      # inventory is intended.
      auth-zone = "lab.fablab-nea.de,192.168.94.0/24";
      auth-server = "lab.fablab-nea.de,78.47.224.251";
    };
  };
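# Second dnsmasq daemon, dedicated to the public event network and driven
# by dnsmasqEventsConf.
systemd.services."dnsmasq-events" =
  let
    # Single source for the D-Bus name. With Type = "dbus" systemd treats
    # the unit as started only once this exact name appears on the bus, so
    # the daemon must request the same name. A bare --enable-dbus requests
    # dnsmasq's default name (uk.org.thekelleys.dnsmasq) instead, which
    # never matches BusName and collides with any other instance that uses
    # the default.
    # NOTE(review): the system bus policy must allow owning this name; no
    # such policy is visible in this file — confirm one is installed.
    busName = "uk.org.thekelleys.dnsmasq-events";
  in
  {
    description = "dnsmasq daemon for public event network";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.dnsmasq ];

    # Create the lease directory and reject a syntactically broken
    # configuration before the daemon is started.
    # NOTE(review): stateDir looks shared with the lab dnsmasq instance;
    # confirm both agree on its ownership and mode.
    preStart = ''
      mkdir -m 755 -p ${stateDir}
      dnsmasq --test -C ${dnsmasqEventsConf}
    '';

    serviceConfig = {
      Type = "dbus";
      BusName = busName;
      # -k keeps dnsmasq in the foreground; --user=dnsmasq makes it drop
      # root after start-up.
      ExecStart = "${pkgs.dnsmasq}/bin/dnsmasq -k --enable-dbus=${busName} --user=dnsmasq -C ${dnsmasqEventsConf}";
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      Restart = "on-failure";

      # Sandboxing. ProtectSystem = true makes only /usr and the boot
      # loader directories read-only; "full" would add /etc. This daemon
      # faces an untrusted guest network, so tighter settings are worth
      # evaluating.
      PrivateTmp = true;
      ProtectSystem = true;
      ProtectHome = true;
    };
  };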
# Firewall openings for both dnsmasq instances: DNS on 53 (UDP and TCP) and
# the DHCP server port 67 (UDP).
# These lists are not scoped to an interface, so the ports are accepted on
# every interface the firewall covers.
# NOTE(review): DHCP is presumably needed only on the lab and event
# interfaces; consider per-interface rules so port 67 is not accepted on
# the uplink.
networking.firewall.allowedUDPPorts = [
  53
  67
];
networking.firewall.allowedTCPPorts = [
  53
];
}