hosts/darkstar/services.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

{
  networking.nftables.tables.ntp = {
    content = ''
      define int_if = enp116s0

      chain input {
      	type filter hook input priority filter - 1; policy accept;
      	iifname $int_if udp dport ntp accept # 123
      }
    '';
    enable = true;
    family = "inet";
  };

  services.chrony = {
    enable = true;
    extraConfig = ''
      local stratum 3
      binddevice enp116s0
      allow 192.168.1/24
      server time.cloudflare.com iburst nts
    '';
  };

  services.unbound = {
    enable = true;
    settings = {
      server = {
        access-control = [
          "0.0.0.0/0 refuse"
          "127.0.0.0/8 allow"
          "::0/0 refuse"
          "::1 allow"
          "192.168.1.0/24 allow"
        ];
        hide-identity = true;
        hide-version = true;
        interface = [
          "lo"
          "enp116s0"
        ];
        local-data = [
          "\"darkstar.bitgnome.net. IN A 192.168.1.1\""
          "\"arrakis.bitgnome.net. IN A 192.168.1.2\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
        ];
        local-data-ptr = [
          "\"192.168.1.1 darkstar.bitgnome.net\""
          "\"192.168.1.2 arrakis.bitgnome.net\""
          "\"192.168.1.17 ginaz.bitgnome.net\""
        ];
        local-zone = [
          "\"bitgnome.net.\" transparent"
          "\"1.168.192.in-addr.arpa.\" static"
        ];
      };
    };
  };
}