From 449b89ffd5d394a377208ebf76d8d712faaa968f Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Sun, 17 Nov 2024 17:22:10 +0530 Subject: [PATCH] all: redo dns --- hosts/bifrost/network/default.nix | 5 +- hosts/bifrost/services/apps/blocky.nix | 57 ++++++++++++++++++++ hosts/bifrost/services/apps/default.nix | 1 + hosts/layne/network/default.nix | 3 +- hosts/rico0/network/default.nix | 3 +- hosts/rico0/services/apps/blocky.nix | 46 +++++++++++++++++ hosts/rico0/services/apps/default.nix | 1 + hosts/rico1/network/default.nix | 3 +- hosts/rico1/services/apps/blocky.nix | 20 ------- hosts/rico1/services/apps/default.nix | 1 - hosts/rico2/network/default.nix | 3 +- hosts/rico2/services/apps/blocky.nix | 20 ------- hosts/rico2/services/apps/default.nix | 1 - hosts/shared/blocky.nix | 69 ++----------------------- hosts/skipper/network/default.nix | 3 +- hosts/wynne/network/default.nix | 3 +- 16 files changed, 115 insertions(+), 124 deletions(-) create mode 100644 hosts/bifrost/services/apps/blocky.nix create mode 100644 hosts/rico0/services/apps/blocky.nix delete mode 100644 hosts/rico1/services/apps/blocky.nix delete mode 100644 hosts/rico2/services/apps/blocky.nix diff --git a/hosts/bifrost/network/default.nix b/hosts/bifrost/network/default.nix index f29897e..9426f24 100644 --- a/hosts/bifrost/network/default.nix +++ b/hosts/bifrost/network/default.nix @@ -37,10 +37,7 @@ networking = { nameservers = [ - "1.1.1.1" - "10.10.10.11" - "1.0.0.1" - "10.10.10.12" + "10.10.10.1" ]; useDHCP = lib.mkDefault false; useNetworkd = true; diff --git a/hosts/bifrost/services/apps/blocky.nix b/hosts/bifrost/services/apps/blocky.nix new file mode 100644 index 0000000..54189c8 --- /dev/null +++ b/hosts/bifrost/services/apps/blocky.nix 
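Review bot: The only nameserver left for bifrost is `10.10.10.1`, the address the new `hosts/bifrost/services/apps/blocky.nix` binds blocky to, so this host now resolves exclusively through a resolver running on itself and the public fallbacks (`1.1.1.1`, `1.0.0.1`) are gone; if blocky fails to start, every other service on bifrost loses DNS. That looks deliberate, since a public fallback would let the libc resolver bypass filtering nondeterministically, but it should be stated where the next reader will look: `"10.10.10.1" # this host's own blocky (services/apps/blocky.nix); no public fallback on purpose so nothing bypasses filtering`. If 10.10.10.1 is the wg0 address, as the shared unit's old `wireguard-wg0.service` ordering suggests, make sure that address exists before blocky binds it or the host boots without working DNS. The enclosing `networking` block continues outside the hunk.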
@@ -0,0 +1,57 @@
+_:
+let domainName = "blocky.labs.adtya.xyz"; in {
+ imports = [
+ ../../../shared/blocky.nix
+ ];
+ services = {
+ caddy = {
+ virtualHosts."${domainName}" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:8080
+ '';
+ };
+ };
+ blocky.settings = {
+ ports = {
+ dns = "10.10.10.1:53";
+ http = "127.0.0.1:8080";
+ };
+ customDNS = {
+ mapping = {
+ # Labs (Homelab)
+ "gateway.labs.adtya.xyz" = "10.10.10.11";
+ "ap1.labs.adtya.xyz" = "10.10.10.11";
+ "ap2.labs.adtya.xyz" = "10.10.10.11";
+ "switch.labs.adtya.xyz" = "10.10.10.11";
+
+ # Hosts
+ "proxy.labs.adtya.xyz" = "10.10.10.1";
+ "skipper.labs.adtya.xyz" = "10.10.10.2";
+ "rico0.labs.adtya.xyz" = "10.10.10.10";
+ "rico1.labs.adtya.xyz" = "10.10.10.11";
+ "rico2.labs.adtya.xyz" = "10.10.10.12";
+ "wynne.labs.adtya.xyz" = "10.10.10.13";
+ "layne.labs.adtya.xyz" = "10.10.10.14";
+
+ # Services
+ "alertmanager.labs.adtya.xyz" = "10.10.10.12";
+ "bazarr.labs.adtya.xyz" = "10.10.10.14";
+ "blocky.labs.adtya.xyz" = "10.10.10.1";
+ "blocky.local.adtya.xyz" = "10.10.10.10";
+ "grafana.labs.adtya.xyz" = "10.10.10.12";
+ "homepage.labs.adtya.xyz" = "10.10.10.12";
+ "jellyfin.labs.adtya.xyz" = "10.10.10.14";
+ "jellyfin.local.adtya.xyz" = "192.168.1.14";
+ "lidarr.labs.adtya.xyz" = "10.10.10.14";
+ "loki.labs.adtya.xyz" = "10.10.10.11";
+ "prometheus.labs.adtya.xyz" = "10.10.10.11";
+ "prowlarr.labs.adtya.xyz" = "10.10.10.14";
+ "radarr.labs.adtya.xyz" = "10.10.10.14";
+ "readarr.labs.adtya.xyz" = "10.10.10.14";
+ "sonarr.labs.adtya.xyz" = "10.10.10.14";
+ "transmission.labs.adtya.xyz" = "10.10.10.14";
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/bifrost/services/apps/default.nix b/hosts/bifrost/services/apps/default.nix
index 7fa215c..1d615f8 100644
--- a/hosts/bifrost/services/apps/default.nix
+++ b/hosts/bifrost/services/apps/default.nix
@@ -2,6 +2,7 @@ _: {
 imports = [
 ./adtya.xyz.nix
 ./acomputer.lol.nix
+ ./blocky.nix
 ./dendrite.nix
 ./forgejo.nix
 ./ntfy.nix
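Review bot: Nothing in this module opens port 53 on bifrost, yet the rest of the commit points every other host's `nameservers` at `10.10.10.1`; the shared module used to carry `allowedTCPPorts`/`allowedUDPPorts = [ 53 ]`, this commit removes it, and only rico0's module re-adds it. Unless wg0 is already in `networking.firewall.trustedInterfaces` or the firewall is disabled elsewhere (neither is visible here), the lab hosts cannot reach blocky after this change. Because bifrost also serves the public `adtya.xyz`/`acomputer.lol` vhosts, do not copy rico0's host-wide rule; scope it to the tunnel, `networking.firewall.interfaces.wg0 = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; };` (interface name inferred from the old `wireguard-wg0.service` ordering), so the host never becomes an open resolver. Separately, `reverse_proxy 127.0.0.1:8080` publishes blocky's HTTP API, which includes blocking enable/disable endpoints with no authentication of their own, so the `blocky.labs.adtya.xyz` vhost should be limited to the lab range or given `basic_auth` in caddy if it is reachable beyond wg0.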
diff --git a/hosts/layne/network/default.nix b/hosts/layne/network/default.nix index 19c8d76..ea481ec 100644 --- a/hosts/layne/network/default.nix +++ b/hosts/layne/network/default.nix @@ -36,8 +36,7 @@ networking = { useDHCP = lib.mkDefault false; nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useNetworkd = true; nftables.enable = true; diff --git a/hosts/rico0/network/default.nix b/hosts/rico0/network/default.nix index 4b1cc11..801395c 100644 --- a/hosts/rico0/network/default.nix +++ b/hosts/rico0/network/default.nix @@ -36,8 +36,7 @@ networking = { useDHCP = lib.mkDefault false; nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useNetworkd = true; }; diff --git a/hosts/rico0/services/apps/blocky.nix b/hosts/rico0/services/apps/blocky.nix new file mode 100644 index 0000000..78c35a7 --- /dev/null +++ b/hosts/rico0/services/apps/blocky.nix @@ -0,0 +1,46 @@ +_: +let domainName = "blocky.local.adtya.xyz"; in { + imports = [ + ../../../shared/blocky.nix + ]; + networking.firewall = { + allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [ 53 ]; + }; + services = { + caddy = { + virtualHosts."${domainName}" = { + extraConfig = '' + reverse_proxy 127.0.0.1:8080 + ''; + }; + }; + blocky.settings = { + ports = { + dns = "192.168.1.10:53"; + http = "127.0.0.1:8080"; + }; + conditional = { + fallbackUpstream = false; + mapping = { + "local.adtya.xyz" = "192.168.1.1"; + "1.168.192.in-addr.arpa" = "192.168.1.1"; + }; + }; + clientLookup = { + upstream = "192.168.1.1"; + singleNameOrder = [ 2 1 ]; + }; + customDNS = { + mapping = { + # Local (Home Network) + "gateway.local.adtya.xyz" = "192.168.0.1"; + "ap1.local.adtya.xyz" = "192.168.1.1"; + "ap2.local.adtya.xyz" = "192.168.1.2"; + "switch.local.adtya.xyz" = "192.168.1.3"; + "jellyfin.local.adtya.xyz" = "192.168.1.14"; + }; + }; + }; + }; +} diff --git a/hosts/rico0/services/apps/default.nix b/hosts/rico0/services/apps/default.nix index b3afbb0..87cdf36 100644 
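Review bot: The firewall rule in `hosts/rico0/services/apps/blocky.nix` opens 53/TCP+UDP on every interface while blocky only binds `192.168.1.10:53`; if rico0 also carries the wg0 tunnel (it is `10.10.10.10` in bifrost's mapping) the port is open there with no listener, and a later widening of `ports.dns` would silently expose it. Scope the rule to the LAN interface, `networking.firewall.interfaces.<lan>.allowedTCPPorts = [ 53 ];` and the UDP twin, with the interface name filled in from this host's network config. The DoT listeners (`tls = "...:853"`) that rico1 and rico2 previously offered are not carried over here or on bifrost, so any LAN client configured for DNS-over-TLS will fail or fall back to plaintext; if dropping encrypted transport is intentional, say so with a short comment next to `ports`.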
--- a/hosts/rico0/services/apps/default.nix +++ b/hosts/rico0/services/apps/default.nix @@ -1,5 +1,6 @@ _: { imports = [ + ./blocky.nix ../../../shared/prometheus-exporters.nix ../../../shared/promtail.nix ]; diff --git a/hosts/rico1/network/default.nix b/hosts/rico1/network/default.nix index 6fd5b56..a6394e7 100644 --- a/hosts/rico1/network/default.nix +++ b/hosts/rico1/network/default.nix @@ -36,8 +36,7 @@ networking = { useDHCP = lib.mkDefault false; nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useNetworkd = true; }; diff --git a/hosts/rico1/services/apps/blocky.nix b/hosts/rico1/services/apps/blocky.nix deleted file mode 100644 index 3e5d74e..0000000 --- a/hosts/rico1/services/apps/blocky.nix +++ /dev/null @@ -1,20 +0,0 @@ -_: -let domainName = "blocky.rico1.labs.adtya.xyz"; in { - imports = [ - ../../../shared/blocky.nix - ]; - services = { - caddy = { - virtualHosts."${domainName}" = { - extraConfig = '' - reverse_proxy 127.0.0.1:8080 - ''; - }; - }; - blocky.settings.ports = { - dns = "192.168.1.11:53,10.10.10.11:53"; - tls = "192.168.1.11:853,10.10.10.11:853"; - http = "127.0.0.1:8080"; - }; - }; -} diff --git a/hosts/rico1/services/apps/default.nix b/hosts/rico1/services/apps/default.nix index 42b2bb2..e988967 100644 --- a/hosts/rico1/services/apps/default.nix +++ b/hosts/rico1/services/apps/default.nix @@ -1,6 +1,5 @@ _: { imports = [ - ./blocky.nix ./prometheus.nix ./redis.nix ./loki diff --git a/hosts/rico2/network/default.nix b/hosts/rico2/network/default.nix index 6fd5b56..a6394e7 100644 --- a/hosts/rico2/network/default.nix +++ b/hosts/rico2/network/default.nix @@ -36,8 +36,7 @@ networking = { useDHCP = lib.mkDefault false; nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useNetworkd = true; }; diff --git a/hosts/rico2/services/apps/blocky.nix b/hosts/rico2/services/apps/blocky.nix deleted file mode 100644 index 4f8ff47..0000000 --- a/hosts/rico2/services/apps/blocky.nix +++ /dev/null 
@@ -1,20 +0,0 @@ -_: -let domainName = "blocky.rico2.labs.adtya.xyz"; in { - imports = [ - ../../../shared/blocky.nix - ]; - services = { - caddy = { - virtualHosts."${domainName}" = { - extraConfig = '' - reverse_proxy 127.0.0.1:8080 - ''; - }; - }; - blocky.settings.ports = { - dns = "192.168.1.12:53,10.10.10.12:53"; - tls = "192.168.1.12:853,10.10.10.12:853"; - http = "127.0.0.1:8080"; - }; - }; -} diff --git a/hosts/rico2/services/apps/default.nix b/hosts/rico2/services/apps/default.nix index 04db460..caa0407 100644 --- a/hosts/rico2/services/apps/default.nix +++ b/hosts/rico2/services/apps/default.nix @@ -1,7 +1,6 @@ _: { imports = [ ./alertmanager.nix - ./blocky.nix ./forgejo-actions-runner.nix ./grafana.nix ./homepage.nix diff --git a/hosts/shared/blocky.nix b/hosts/shared/blocky.nix index 2354a24..0be7988 100644 --- a/hosts/shared/blocky.nix +++ b/hosts/shared/blocky.nix @@ -1,22 +1,11 @@ { pkgs, ... }: { - networking = { - firewall = { - allowedTCPPorts = [ - 53 #DNS - ]; - allowedUDPPorts = [ - 53 #DNS - ]; - }; - }; - systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ]; + systemd.services.blocky.unitConfig.After = [ "network-online.target" ]; services = { blocky = { enable = true; settings = { bootstrapDns = [ "tcp+udp:1.1.1.1" ]; upstreams = { - init.strategy = "blocking"; groups = { default = [ # Cloudflare 
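Review bot: `After = [ "network-online.target" ]` only orders the unit; without a matching `Wants` the target is not pulled in, and dropping `wireguard-wg0.service` matters now that bifrost's instance binds a specific `10.10.10.1:53` — if that is the wg0 address, as the old ordering suggests, blocky can start before the address exists and fail to bind. Prefer the module options over `unitConfig.After`, `systemd.services.blocky = { after = [ "network-online.target" ]; wants = [ "network-online.target" ]; };`, and let the bifrost module add `wireguard-wg0.service` to `after`/`requires` since the shared module no longer knows about the tunnel. With the firewall block gone, every importer must now open 53 itself; a comment such as `# listen addresses and firewall are per-host: see hosts/*/services/apps/blocky.nix` at the top of this file would keep the next importer from forgetting that.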
@@ -41,55 +30,10 @@ customDNS = { customTTL = "1h"; filterUnmappedTypes = true; - mapping = { - # Local (Home Network) - "gateway.local.adtya.xyz" = "192.168.0.1"; - "ap1.local.adtya.xyz" = "192.168.1.1"; - "ap2.local.adtya.xyz" = "192.168.1.2"; - "switch.local.adtya.xyz" = "192.168.1.3"; - "jellyfin.local.adtya.xyz" = "192.168.1.14"; - - # Labs (Homelab) - "gateway.labs.adtya.xyz" = "10.10.10.11"; - "ap1.labs.adtya.xyz" = "10.10.10.11"; - "ap2.labs.adtya.xyz" = "10.10.10.11"; - "switch.labs.adtya.xyz" = "10.10.10.11"; - - # Hosts - "proxy.labs.adtya.xyz" = "10.10.10.1"; - "skipper.labs.adtya.xyz" = "10.10.10.2"; - "rico0.labs.adtya.xyz" = "10.10.10.10"; - "rico1.labs.adtya.xyz" = "10.10.10.11"; - "rico2.labs.adtya.xyz" = "10.10.10.12"; - "wynne.labs.adtya.xyz" = "10.10.10.13"; - "layne.labs.adtya.xyz" = "10.10.10.14"; - - # Services - "alertmanager.labs.adtya.xyz" = "10.10.10.12"; - "bazarr.labs.adtya.xyz" = "10.10.10.14"; - "blocky.rico1.labs.adtya.xyz" = "10.10.10.11"; - "blocky.rico2.labs.adtya.xyz" = "10.10.10.12"; - "grafana.labs.adtya.xyz" = "10.10.10.12"; - "homepage.labs.adtya.xyz" = "10.10.10.12"; - "jellyfin.labs.adtya.xyz" = "10.10.10.14"; - "lidarr.labs.adtya.xyz" = "10.10.10.14"; - "loki.labs.adtya.xyz" = "10.10.10.11"; - "prometheus.labs.adtya.xyz" = "10.10.10.11"; - "prowlarr.labs.adtya.xyz" = "10.10.10.14"; - "radarr.labs.adtya.xyz" = "10.10.10.14"; - "readarr.labs.adtya.xyz" = "10.10.10.14"; - "sonarr.labs.adtya.xyz" = "10.10.10.14"; - "transmission.labs.adtya.xyz" = "10.10.10.14"; - }; - }; - conditional = { - fallbackUpstream = false; - mapping = { - "local.adtya.xyz" = "192.168.1.1"; - "1.168.192.in-addr.arpa" = "192.168.1.1"; - }; + mapping = { }; }; blocking = { + startStrategy = "fast"; denylists = { ads = [ "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt" 
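Review bot: `startStrategy = "fast"` makes blocky answer queries before the denylists have finished downloading, so after every start there is a fail-open window in which ad and malware domains resolve normally; combined with the removal of `init.strategy = "blocking"` for upstreams in the first hunk, the service now favours availability over filtering on startup. If that is the intent, document it at the line: `startStrategy = "fast"; # serve before lists load: brief fail-open window on every restart`; otherwise keep the default `"blocking"`, which holds DNS until the lists are loaded, or `"failOnError"` if a failed list download should abort startup rather than run unfiltered. List fetching still depends on `bootstrapDns` and upstream reachability, which this hunk leaves unchanged.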
@@ -110,17 +54,10 @@ default = [ "ads" "pihole" ]; }; }; - clientLookup = { - upstream = "192.168.1.1"; - singleNameOrder = [ 2 1 ]; - }; prometheus = { enable = true; path = "/metrics"; }; - redis = { - address = "10.10.10.11:6379"; - }; log = { level = "warn"; format = "json"; diff --git a/hosts/skipper/network/default.nix b/hosts/skipper/network/default.nix index 234e440..cc57bec 100644 --- a/hosts/skipper/network/default.nix +++ b/hosts/skipper/network/default.nix @@ -9,8 +9,7 @@ networking = { nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useDHCP = lib.mkDefault false; extraHosts = '' diff --git a/hosts/wynne/network/default.nix b/hosts/wynne/network/default.nix index 6fd5b56..a6394e7 100644 --- a/hosts/wynne/network/default.nix +++ b/hosts/wynne/network/default.nix @@ -36,8 +36,7 @@ networking = { useDHCP = lib.mkDefault false; nameservers = [ - "10.10.10.11" - "10.10.10.12" + "10.10.10.1" ]; useNetworkd = true; };