nixos-configuration/hosts/aluminium/services/dnsmasq.nix

{ pkgs, ... }:

let
  stateDir = "/var/lib/dnsmasq";
in
{
  services.dnsmasq = {
    enable = true;
    settings = {
      listen-address = [
        "192.168.0.1"
        "192.168.1.1"
      ];
      interface = "lo";
      expand-hosts = true;
      domain = "lan.kbh.jalr.de";
      dhcp-range = [
        "192.168.0.20,192.168.0.254,4h"
        "192.168.1.20,192.168.1.254,4h"
      ];
      cache-size = 10000;
      dns-forward-max = 1000;
      no-hosts = true;
      addn-hosts = "${pkgs.writeText "hosts.dnsmasq" ''
        192.168.0.1 aluminium unifi
      ''}";
      server = [
        "142.250.185.78" # dns.as250.net
        "2001:470:20::2" # ordns.he.net
        "74.82.42.42" # ordns.he.net
      ];
    };
  };

  networking.firewall = {
    allowedUDPPorts = [ 53 67 ];
    allowedTCPPorts = [ 53 ];
  };
}