
working split dns config :3

+70 -32
+70 -32
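--- a/hosts/profiles/dns/default.nix
+++ b/hosts/profiles/dns/default.nix
@@ -1,38 +1,76 @@
 { config, pkgs, lib, ... }:
+let
+adblockLocalZones = pkgs.stdenv.mkDerivation {
+name = "unbound-zones-adblock";
+
+src = (pkgs.fetchFromGitHub
+{
+owner = "StevenBlack";
+repo = "hosts";
+rev = "3.12.21";
+sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
+} + "/hosts");
+
+phases = [ "installPhase" ];
+
+installPhase = ''
+${pkgs.gawk}/bin/awk '{sub(/\r$/,"")} {sub(/^127\.0\.0\.1/,"0.0.0.0")} BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" static"}' $src | tr '[:upper:]' '[:lower:]' | sort -u > $out
+'';
+};
+
+mossnet = "192.168.1.240"; # The local lan-ip for box
+wg-mossnet = "10.0.69.4"; # The wireguard ip for box
+mossnet-hosts = [
+"mossnet.lan"
+"links.mossnet.lan"
+"read.mossnet.lan"
+"stats.mossnet.lan"
+"music.mossnet.lan"
+"rss.mossnet.lan"
+"tasks.mossnet.lan"
+"file.mossnet.lan"
+"books.mossnet.lan"
+"fin.mossnet.lan"
+"paper.mossnet.lan"
+"cal.mossnet.lan"
+"archive.mossnet.lan"
+"tracks.mossnet.lan"
+"grasp.mossnet.lan"
+];
+in
 {
-services.dnsmasq.enable = true;
-services.dnsmasq.extraConfig = ''
-domain-needed
-no-resolv
-local=/lan/
-local=/moss/
-cache-size=5000
-addn-hosts=/etc/adblock.hosts
-''; # TODO find a way to make adblock hosts reproducible and updateable
-services.dnsmasq.servers = [ "45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8" ];
-# TODO use this list in mossnet-hosts
-networking.hosts = {
-"192.168.1.240" = [
-"mossnet.lan"
-"links.mossnet.lan"
-"read.mossnet.lan"
-"stats.mossnet.lan"
-"music.mossnet.lan"
-"rss.mossnet.lan"
-"tasks.mossnet.lan"
-"file.mossnet.lan"
-"books.mossnet.lan"
-"fin.mossnet.lan"
-"paper.mossnet.lan"
-"cal.mossnet.lan"
-"archive.mossnet.lan"
-"tracks.mossnet.lan"
-"grasp.mossnet.lan"
-];
-"192.168.1.226" = [
-"df-web.lan"
-];
+services.unbound = {
+enable = true;
+settings = {
+server = {
+include = "${adblockLocalZones}";
+interface = [ "0.0.0.0" ];
+access-control = [ "127.0.0.0/24 allow" "192.168.0.0/24 allow" "10.0.69.0/24 allow" ];
+access-control-view = "10.0.69.0/24 wireguard";
+local-zone = ''"mossnet.lan." redirect'';
+local-data = ''"mossnet.lan. IN A ${mossnet}"'';
+};
+forward-zone = [{
+name = ".";
+forward-addr = [ "45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8" ];
+}];
+view = {
+name = "wireguard";
+local-zone = ''"mossnet.lan." redirect'';
+local-data = ''"mossnet.lan. IN A ${wg-mossnet}"'';
+};
+do-not-query-localhost = "no";
+# Eventually we'll add DNSSEC / DoT
+# so-reuseport: yes
+# tls-cert-bundle: /etc/ssl/certs/ca-certificates.crt
+# tls-upstream: yes
+};
 };
+
+# With unbound we're doing wildcard redirects, so we don't need that anymore
+# networking.hosts = {
+# mossnet = mossnet-hosts;
+# };
 networking.firewall.allowedTCPPorts = [ 53 ];
 networking.firewall.allowedUDPPorts = [ 53 ];
 }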
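Review bot: The `access-control` list in `server` allows `192.168.0.0/24`, but the `mossnet` binding in the `let` block is `192.168.1.240`, which lies outside that range, so if LAN clients share the box's subnet they match no allow entry. Since unbound listens on `0.0.0.0` and the firewall opens port 53 on every interface, this ACL is the only thing restricting who may recurse through the resolver, and it should name the real networks, presumably `"192.168.1.0/24 allow"`. The loopback entry `127.0.0.0/24` is also narrower than the loopback block `127.0.0.0/8`. Separately, `do-not-query-localhost = "no";` sits beside `server` rather than inside it although it is a server option in unbound, so it is worth checking the generated unbound.conf to confirm it lands in the `server:` clause.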