+2

nixos/ferret/default.nix

reviewed

··· 8 8 ./media.nix 9 9 ./caddy.nix 10 10 ./paperless.nix 11 11 + 12 12 + ./tailscale-splitdns.nix 11 13 ]; 12 14 13 15 security.polkit.enable = true;

+28

nixos/ferret/tailscale-splitdns.nix

reviewed

··· 1 1 + { pkgs, config, ... }: 2 2 + 3 3 + { 4 4 + networking.firewall.interfaces."${config.services.tailscale.interfaceName}" = { 5 5 + allowedTCPPorts = [ 53 ]; 6 6 + allowedUDPPorts = [ 53 ]; 7 7 + }; 8 8 + 9 9 + services.unbound = { 10 10 + enable = true; 11 11 + settings = { 12 12 + server = { 13 13 + interface = [ "${config.services.tailscale.interfaceName}" ]; 14 14 + access-control = [ "100.0.0.0/8 allow" ]; 15 15 + }; 16 16 + 17 17 + local-zone = { 18 18 + name = "ferret.otter.place"; 19 19 + type = "static"; 20 20 + 21 21 + # hostname = ["ferret.otter.place 100.104.240.21"]; 22 22 + }; 23 23 + 24 24 + local-data = ["ferret.otter.place IN A 100.104.240.21"]; 25 25 + local-data-ptr = ["100.104.240.21 ferret.otter.place"]; 26 26 + }; 27 27 + }; 28 28 + }