all: redo dns

Adithya 2024-11-17 17:22:10 +05:30
parent 3c598debd5
commit 449b89ffd5
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
16 changed files with 115 additions and 124 deletions


@ -37,10 +37,7 @@
networking = { networking = {
nameservers = [ nameservers = [
"1.1.1.1" "10.10.10.1"
"10.10.10.11"
"1.0.0.1"
"10.10.10.12"
]; ];
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
useNetworkd = true; useNetworkd = true;
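Review bot: The `nameservers` list now holds a single resolver, `"10.10.10.1"`, so this host has no DNS path when that instance or the route to it is down; the same one-entry list is set in the six other `networking.nameservers` hunks on this page. Dropping `1.1.1.1` and `1.0.0.1` here does stop queries from going around the blocklist and the custom mappings, so a public fallback is not the fix. A second blocky instance added as a second entry would keep filtering and restore redundancy. If one resolver is intended, a comment such as `# single resolver on purpose: blocky at 10.10.10.1` above the list would record that. The `networking` block continues outside the hunk.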


@ -0,0 +1,57 @@
_:
let domainName = "blocky.labs.adtya.xyz"; in {
imports = [
../../../shared/blocky.nix
];
services = {
caddy = {
virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky.settings = {
ports = {
dns = "10.10.10.1:53";
http = "127.0.0.1:8080";
};
customDNS = {
mapping = {
# Labs (Homelab)
"gateway.labs.adtya.xyz" = "10.10.10.11";
"ap1.labs.adtya.xyz" = "10.10.10.11";
"ap2.labs.adtya.xyz" = "10.10.10.11";
"switch.labs.adtya.xyz" = "10.10.10.11";
# Hosts
"proxy.labs.adtya.xyz" = "10.10.10.1";
"skipper.labs.adtya.xyz" = "10.10.10.2";
"rico0.labs.adtya.xyz" = "10.10.10.10";
"rico1.labs.adtya.xyz" = "10.10.10.11";
"rico2.labs.adtya.xyz" = "10.10.10.12";
"wynne.labs.adtya.xyz" = "10.10.10.13";
"layne.labs.adtya.xyz" = "10.10.10.14";
# Services
"alertmanager.labs.adtya.xyz" = "10.10.10.12";
"bazarr.labs.adtya.xyz" = "10.10.10.14";
"blocky.labs.adtya.xyz" = "10.10.10.1";
"blocky.local.adtya.xyz" = "10.10.10.10";
"grafana.labs.adtya.xyz" = "10.10.10.12";
"homepage.labs.adtya.xyz" = "10.10.10.12";
"jellyfin.labs.adtya.xyz" = "10.10.10.14";
"jellyfin.local.adtya.xyz" = "192.168.1.14";
"lidarr.labs.adtya.xyz" = "10.10.10.14";
"loki.labs.adtya.xyz" = "10.10.10.11";
"prometheus.labs.adtya.xyz" = "10.10.10.11";
"prowlarr.labs.adtya.xyz" = "10.10.10.14";
"radarr.labs.adtya.xyz" = "10.10.10.14";
"readarr.labs.adtya.xyz" = "10.10.10.14";
"sonarr.labs.adtya.xyz" = "10.10.10.14";
"transmission.labs.adtya.xyz" = "10.10.10.14";
};
};
};
};
}
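Review bot: The Caddy virtual host for `blocky.labs.adtya.xyz` proxies blocky's whole HTTP listener at `127.0.0.1:8080`, and nothing in this file limits who can reach that site. Blocky's HTTP port serves its control API and the `/metrics` endpoint without authentication, so if Caddy on this host also listens on a public address (the sibling imports `./adtya.xyz.nix` and `./forgejo.nix` suggest it might), any client that sends this host name reaches it. Binding the site to the internal address, `bind 10.10.10.1` above the `reverse_proxy` line in `extraConfig`, would keep it off other interfaces. This file also opens no firewall port for `10.10.10.1:53`, unlike the other new blocky file on this page, so confirm the interface carrying 10.10.10.0/24 already admits DNS.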


@ -2,6 +2,7 @@ _: {
imports = [ imports = [
./adtya.xyz.nix ./adtya.xyz.nix
./acomputer.lol.nix ./acomputer.lol.nix
./blocky.nix
./dendrite.nix ./dendrite.nix
./forgejo.nix ./forgejo.nix
./ntfy.nix ./ntfy.nix


@ -36,8 +36,7 @@
networking = { networking = {
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useNetworkd = true; useNetworkd = true;
nftables.enable = true; nftables.enable = true;


@ -36,8 +36,7 @@
networking = { networking = {
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useNetworkd = true; useNetworkd = true;
}; };


@ -0,0 +1,46 @@
_:
let domainName = "blocky.local.adtya.xyz"; in {
imports = [
../../../shared/blocky.nix
];
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
services = {
caddy = {
virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky.settings = {
ports = {
dns = "192.168.1.10:53";
http = "127.0.0.1:8080";
};
conditional = {
fallbackUpstream = false;
mapping = {
"local.adtya.xyz" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1";
};
};
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
customDNS = {
mapping = {
# Local (Home Network)
"gateway.local.adtya.xyz" = "192.168.0.1";
"ap1.local.adtya.xyz" = "192.168.1.1";
"ap2.local.adtya.xyz" = "192.168.1.2";
"switch.local.adtya.xyz" = "192.168.1.3";
"jellyfin.local.adtya.xyz" = "192.168.1.14";
};
};
};
};
}
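Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open port 53 on every interface, while blocky is bound only to `192.168.1.10:53`. Scoping the rule to the LAN interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedUDPPorts = [ 53 ];` with the matching TCP line (the interface name is a placeholder), would keep the firewall aligned with the listener. A later change to `ports.dns` would then not silently expose the resolver on another network.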


@ -1,5 +1,6 @@
_: { _: {
imports = [ imports = [
./blocky.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix
]; ];


@ -36,8 +36,7 @@
networking = { networking = {
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useNetworkd = true; useNetworkd = true;
}; };

View file

@ -1,20 +0,0 @@
_:
let domainName = "blocky.rico1.labs.adtya.xyz"; in {
imports = [
../../../shared/blocky.nix
];
services = {
caddy = {
virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky.settings.ports = {
dns = "192.168.1.11:53,10.10.10.11:53";
tls = "192.168.1.11:853,10.10.10.11:853";
http = "127.0.0.1:8080";
};
};
}


@ -1,6 +1,5 @@
_: { _: {
imports = [ imports = [
./blocky.nix
./prometheus.nix ./prometheus.nix
./redis.nix ./redis.nix
./loki ./loki


@ -36,8 +36,7 @@
networking = { networking = {
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useNetworkd = true; useNetworkd = true;
}; };


@ -1,20 +0,0 @@
_:
let domainName = "blocky.rico2.labs.adtya.xyz"; in {
imports = [
../../../shared/blocky.nix
];
services = {
caddy = {
virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky.settings.ports = {
dns = "192.168.1.12:53,10.10.10.12:53";
tls = "192.168.1.12:853,10.10.10.12:853";
http = "127.0.0.1:8080";
};
};
}


@ -1,7 +1,6 @@
_: { _: {
imports = [ imports = [
./alertmanager.nix ./alertmanager.nix
./blocky.nix
./forgejo-actions-runner.nix ./forgejo-actions-runner.nix
./grafana.nix ./grafana.nix
./homepage.nix ./homepage.nix


@ -1,22 +1,11 @@
{ pkgs, ... }: { { pkgs, ... }: {
networking = { systemd.services.blocky.unitConfig.After = [ "network-online.target" ];
firewall = {
allowedTCPPorts = [
53 #DNS
];
allowedUDPPorts = [
53 #DNS
];
};
};
systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
services = { services = {
blocky = { blocky = {
enable = true; enable = true;
settings = { settings = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ]; bootstrapDns = [ "tcp+udp:1.1.1.1" ];
upstreams = { upstreams = {
init.strategy = "blocking";
groups = { groups = {
default = [ default = [
# Cloudflare # Cloudflare
@ -41,55 +30,10 @@
customDNS = { customDNS = {
customTTL = "1h"; customTTL = "1h";
filterUnmappedTypes = true; filterUnmappedTypes = true;
mapping = { mapping = { };
# Local (Home Network)
"gateway.local.adtya.xyz" = "192.168.0.1";
"ap1.local.adtya.xyz" = "192.168.1.1";
"ap2.local.adtya.xyz" = "192.168.1.2";
"switch.local.adtya.xyz" = "192.168.1.3";
"jellyfin.local.adtya.xyz" = "192.168.1.14";
# Labs (Homelab)
"gateway.labs.adtya.xyz" = "10.10.10.11";
"ap1.labs.adtya.xyz" = "10.10.10.11";
"ap2.labs.adtya.xyz" = "10.10.10.11";
"switch.labs.adtya.xyz" = "10.10.10.11";
# Hosts
"proxy.labs.adtya.xyz" = "10.10.10.1";
"skipper.labs.adtya.xyz" = "10.10.10.2";
"rico0.labs.adtya.xyz" = "10.10.10.10";
"rico1.labs.adtya.xyz" = "10.10.10.11";
"rico2.labs.adtya.xyz" = "10.10.10.12";
"wynne.labs.adtya.xyz" = "10.10.10.13";
"layne.labs.adtya.xyz" = "10.10.10.14";
# Services
"alertmanager.labs.adtya.xyz" = "10.10.10.12";
"bazarr.labs.adtya.xyz" = "10.10.10.14";
"blocky.rico1.labs.adtya.xyz" = "10.10.10.11";
"blocky.rico2.labs.adtya.xyz" = "10.10.10.12";
"grafana.labs.adtya.xyz" = "10.10.10.12";
"homepage.labs.adtya.xyz" = "10.10.10.12";
"jellyfin.labs.adtya.xyz" = "10.10.10.14";
"lidarr.labs.adtya.xyz" = "10.10.10.14";
"loki.labs.adtya.xyz" = "10.10.10.11";
"prometheus.labs.adtya.xyz" = "10.10.10.11";
"prowlarr.labs.adtya.xyz" = "10.10.10.14";
"radarr.labs.adtya.xyz" = "10.10.10.14";
"readarr.labs.adtya.xyz" = "10.10.10.14";
"sonarr.labs.adtya.xyz" = "10.10.10.14";
"transmission.labs.adtya.xyz" = "10.10.10.14";
};
};
conditional = {
fallbackUpstream = false;
mapping = {
"local.adtya.xyz" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1";
};
}; };
blocking = { blocking = {
startStrategy = "fast";
denylists = { denylists = {
ads = [ ads = [
"https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt" "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
@ -110,17 +54,10 @@
default = [ "ads" "pihole" ]; default = [ "ads" "pihole" ];
}; };
}; };
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
prometheus = { prometheus = {
enable = true; enable = true;
path = "/metrics"; path = "/metrics";
}; };
redis = {
address = "10.10.10.11:6379";
};
log = { log = {
level = "warn"; level = "warn";
format = "json"; format = "json";
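Review bot: The new `unitConfig.After` line at the top of this file drops `"wireguard-wg0.service"`, yet one instance that imports this file now sets `ports.dns = "10.10.10.1:53"`. If 10.10.10.0/24 lives on `wg0` (the removed ordering suggests so), blocky can start before that address exists and fail to bind, leaving every host that points at `10.10.10.1` without DNS until the unit is started again. Since only that host needs the ordering, it could go into that host's own blocky file as `systemd.services.blocky.after = [ "wireguard-wg0.service" ];`. Separately, `After = [ "network-online.target" ]` only orders the unit and does not pull the target in; unless the blocky module already does so, `systemd.services.blocky.wants = [ "network-online.target" ];` would make the ordering effective.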


@ -9,8 +9,7 @@
networking = { networking = {
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
extraHosts = '' extraHosts = ''


@ -36,8 +36,7 @@
networking = { networking = {
useDHCP = lib.mkDefault false; useDHCP = lib.mkDefault false;
nameservers = [ nameservers = [
"10.10.10.11" "10.10.10.1"
"10.10.10.12"
]; ];
useNetworkd = true; useNetworkd = true;
}; };