aboutsummaryrefslogtreecommitdiffstats
path: root/hosts/darkstar/services.nix
blob: 67bfc1bd2913ba90aa5e0da103b744597a87a0ab (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
{
  networking = {
    firewall = {
      allowedTCPPorts = [
        53 # domain
      ];
      allowedUDPPorts = [
        53 # domain
      ];
      interfaces.enp116s0.allowedUDPPorts = [
        123 # ntp
      ];
    };
  };

  services.chrony = {
    enable = true;
    extraConfig = ''
      local stratum 3
      binddevice enp116s0
      allow 192.168.1/24
      server time.cloudflare.com iburst nts
    '';
  };

  services.unbound = {
    enable = true;
    settings = {
      server = {
        access-control = [
          "0.0.0.0/0 refuse"
          "127.0.0.0/8 allow"
          "::0/0 refuse"
          "::1 allow"
          "192.168.1.0/24 allow"
        ];
        hide-identity = true;
        hide-version = true;
        interface = [
          "lo"
          "enp116s0"
        ];
        local-data = [
          "\"darkstar.bitgnome.net. IN A 192.168.1.1\""
          "\"arrakis.bitgnome.net. IN A 192.168.1.2\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
          "\"ginaz.bitgnome.net. IN A 192.168.1.17\""
        ];
        local-data-ptr = [
          "\"192.168.1.1 darkstar.bitgnome.net\""
          "\"192.168.1.2 arrakis.bitgnome.net\""
          "\"192.168.1.17 ginaz.bitgnome.net\""
        ];
        local-zone = [
          "\"bitgnome.net.\" transparent"
          "\"1.168.192.in-addr.arpa.\" static"
        ];
      };
    };
  };
}