81 lines
1.9 KiB
Nix
81 lines
1.9 KiB
Nix
# Edit this configuration file to define what should be installed on
|
|
# your system. Help is available in the configuration.nix(5) man page, on
|
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
imports = [
|
|
# Include the results of the hardware scan.
|
|
./hardware-configuration.nix
|
|
];
|
|
|
|
age.secrets.dnsmasq-nextdns-profile = {
|
|
file = ../../secrets/dnsmasq-nextdns-profile.age;
|
|
owner = "dnsmasq";
|
|
};
|
|
|
|
nix = {
|
|
settings = {
|
|
auto-optimise-store = true;
|
|
experimental-features = ["nix-command" "flakes"];
|
|
};
|
|
};
|
|
# Use the systemd-boot EFI boot loader.
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking = {
|
|
hostName = "dnsmasq-cache"; # Define your hostname.
|
|
firewall = {
|
|
enable = true;
|
|
allowedUDPPorts = [53];
|
|
allowedTCPPorts = [22 53 9153];
|
|
trustedInterfaces = ["enp6s18" "tailscale0"];
|
|
checkReversePath = "loose";
|
|
allowedUDPPortRanges = [
|
|
{
|
|
from = 3000;
|
|
to = 22000;
|
|
}
|
|
];
|
|
};
|
|
|
|
nftables.enable = true;
|
|
};
|
|
|
|
services = {
|
|
openssh.enable = true;
|
|
tailscale.enable = true;
|
|
dnsmasq = {
|
|
enable = true;
|
|
settings = {
|
|
interface = "tailscale0";
|
|
cache-size = "4000";
|
|
no-resolv = true;
|
|
bogus-priv = true;
|
|
strict-order = true;
|
|
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0"];
|
|
conf-file = "${config.age.secrets.dnsmasq-nextdns-profile.path}";
|
|
};
|
|
};
|
|
};
|
|
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
tailscale
|
|
];
|
|
};
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
dnsmasq_exporter = {
|
|
image = "git.gmem.ca/arch/dnsmasq_exporter";
|
|
extraOptions = ["--network=host"];
|
|
};
|
|
};
|
|
|
|
system.stateVersion = "23.11"; # Did you read the comment?
|
|
}
|