path: root/hosts/darkstar/services.nix
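# LAN-facing services on darkstar: recursive DNS (unbound), NTP (chrony) and
# TFTP. Everything here is meant for enp116s0, which presumably carries
# 192.168.1.0/24 (darkstar itself is 192.168.1.1 in the local-data below).
{
  networking = {
    firewall = {
      # All openings are scoped to the LAN interface rather than opened
      # globally: unbound below listens only on lo and enp116s0, so a
      # host-wide hole for port 53 would expose nothing useful and would
      # silently cover any other listener that later appears on that port.
      # Loopback needs no rule; the NixOS firewall module trusts lo.
      interfaces.enp116s0 = {
        allowedTCPPorts = [
          53 # domain
        ];
        allowedUDPPorts = [
          53 # domain
          69 # xinetd/tftpd (TFTP is unauthenticated; keep it LAN-only)
          123 # ntp
        ];
      };
    };
  };

  # NOTE(review): services.chrony.enable is not set in this file; presumably
  # it is enabled in a shared module. Confirm, otherwise this has no effect.
  services.chrony = {
    extraConfig = ''
      # Keep answering clients (as stratum 3) even while unsynchronised.
      local stratum 3
      # Bind chronyd's sockets to the LAN interface only.
      binddevice enp116s0
      # NTP client access is limited to the LAN subnet.
      allow 192.168.1/24
    '';
  };

  services.unbound = {
    enable = true;
    settings = {
      server = {
        # Default-deny for both address families, then allow loopback and the
        # LAN. unbound picks the most specific matching netblock, so the
        # order of these entries does not matter.
        access-control = [
          "0.0.0.0/0 refuse"
          "127.0.0.0/8 allow"
          "::0/0 refuse"
          "::1 allow"
          "192.168.1.0/24 allow"
        ];
        # Do not answer id.server / version.bind style fingerprinting queries.
        hide-identity = true;
        hide-version = true;
        # Listen on loopback and the LAN interface only.
        interface = [
          "lo"
          "enp116s0"
        ];
        # Forward records for LAN hosts. The escaped inner quotes are part of
        # the value so that the generated unbound.conf keeps each record as a
        # single quoted argument.
        local-data = [
          "\"darkstar.bitgnome.net. IN A 192.168.1.1\""
          "\"arrakis.bitgnome.net. IN A 192.168.1.2\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
        ];
        # Matching reverse (PTR) records; keep in sync with local-data.
        local-data-ptr = [
          "\"192.168.1.1 darkstar.bitgnome.net\""
          "\"192.168.1.2 arrakis.bitgnome.net\""
          "\"192.168.1.17 ginaz.bitgnome.net\""
        ];
        local-zone = [
          # transparent: names under bitgnome.net without local data are
          # still resolved normally.
          "\"bitgnome.net.\" transparent"
          # static: reverse lookups for 192.168.1.x are answered only from
          # local data and never sent upstream, so private addresses do not
          # leak to outside resolvers.
          "\"1.168.192.in-addr.arpa.\" static"
        ];
      };
    };
  };
}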