From 88be51e982019148abcdc93517a3c4c1fed99b79 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Mon, 28 Oct 2024 23:54:19 +0530
Subject: [PATCH] rico1, rico2: redundant dns
---
 hosts/rico1/services/apps/blocky.nix | 134 ++--------------------
 hosts/rico1/services/apps/prometheus.nix | 10 +-
 hosts/rico2/services/apps/blocky.nix | 26 +++++
 hosts/rico2/services/apps/default.nix | 1 +
 hosts/shared/blocky.nix | 127 +++++++++++++++++++++
 5 files changed, 165 insertions(+), 133 deletions(-)
 create mode 100644 hosts/rico2/services/apps/blocky.nix
 create mode 100644 hosts/shared/blocky.nix
diff --git a/hosts/rico1/services/apps/blocky.nix b/hosts/rico1/services/apps/blocky.nix
index e72af2f..7d53c81 100644
--- a/hosts/rico1/services/apps/blocky.nix
+++ b/hosts/rico1/services/apps/blocky.nix
@@ -1,20 +1,12 @@
-{ pkgs, ... }:
+_:
 let
 inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge;
- domainName = "blocky.labs.adtya.xyz";
+ domainName = "blocky.rico1.labs.adtya.xyz";
 in
 {
- networking = {
- firewall = {
- allowedTCPPorts = [
- 53 #DNS
- ];
- allowedUDPPorts = [
- 53 #DNS
- ];
- };
- };
- systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
+ imports = [
+ ../../../shared/blocky.nix
+ ];
 services = {
 caddy = {
 virtualHosts."${domainName}" = {
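Review bot: Renaming `domainName` to `blocky.rico1.labs.adtya.xyz` retires the old `blocky.labs.adtya.xyz` name without keeping it as an alias, and the new shared mapping in this patch carries no entry for the old name either. Any client, dashboard or scrape config still pointing at the old name will fall through to the upstream resolvers instead of reaching this host, which is easy to miss since it fails quietly. If the old name is meant to go away, a line in the commit description saying so would help; otherwise keeping `"blocky.labs.adtya.xyz" = "10.10.10.11";` in the shared mapping for a transition period is a cheap safety net. The enclosing `services.caddy` attrset continues past the end of this hunk.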
@@ -25,118 +17,10 @@ in
 '';
 };
 };
- blocky = {
- enable = true;
- settings = {
- bootstrapDns = [ "tcp+udp:1.1.1.1" ];
- upstreams = {
- init.strategy = "blocking";
- groups = {
- default = [
- # Cloudflare
- "tcp+udp:1.1.1.1"
-
- # Google
- "tcp+udp:8.8.8.8"
- "tcp+udp:8.8.4.4"
-
- # Quad9
- "tcp+udp:9.9.9.9"
- "tcp+udp:149.112.112.112"
- "tcp-tls:dns.quad9.net:853"
- "https://dns.quad9.net/dns-query"
- ];
- };
- strategy = "parallel_best";
- timeout = "2s";
- userAgent = "Praise the DNS overlords!";
- };
- connectIPVersion = "v4";
- customDNS = {
- customTTL = "1h";
- filterUnmappedTypes = true;
- mapping = {
- # Local (Home Network)
- "gateway.local.adtya.xyz" = "192.168.0.1";
- "ap1.local.adtya.xyz" = "192.168.1.1";
- "ap2.local.adtya.xyz" = "192.168.1.2";
- "switch.local.adtya.xyz" = "192.168.1.3";
- "jellyfin.local.adtya.xyz" = "192.168.1.14";
-
- # Labs (Homelab)
- "gateway.labs.adtya.xyz" = "10.10.10.10";
- "ap1.labs.adtya.xyz" = "10.10.10.10";
- "ap2.labs.adtya.xyz" = "10.10.10.10";
- "switch.labs.adtya.xyz" = "10.10.10.10";
- "proxy.labs.adtya.xyz" = "10.10.10.1";
- "skipper.labs.adtya.xyz" = "10.10.10.2";
- "rico0.labs.adtya.xyz" = "10.10.10.10";
- "rico1.labs.adtya.xyz" = "10.10.10.11";
- "rico2.labs.adtya.xyz" = "10.10.10.12";
- "wynne.labs.adtya.xyz" = "10.10.10.13";
- "layne.labs.adtya.xyz" = "10.10.10.14";
- "alertmanager.labs.adtya.xyz" = "10.10.10.11";
- "blocky.labs.adtya.xyz" = "10.10.10.11";
- "frp.labs.adtya.xyz" = "10.10.10.10";
- "grafana.labs.adtya.xyz" = "10.10.10.11";
- "loki.labs.adtya.xyz" = "10.10.10.11";
- "prometheus.labs.adtya.xyz" = "10.10.10.11";
- "transmission.labs.adtya.xyz" = "10.10.10.14";
- "jellyfin.labs.adtya.xyz" = "10.10.10.14";
- "radarr.labs.adtya.xyz" = "10.10.10.14";
- "sonarr.labs.adtya.xyz" = "10.10.10.14";
- "readarr.labs.adtya.xyz" = "10.10.10.14";
- "jackett.labs.adtya.xyz" = "10.10.10.14";
- };
- };
- conditional = {
- fallbackUpstream = false;
- mapping = {
- "local.adtya.xyz" = "192.168.1.1";
- "1.168.192.in-addr.arpa" = "192.168.1.1";
- };
- };
- blocking = {
- denylists = {
- ads = [
- "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
- ];
- pihole = [
- "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
- ];
- };
- allowlists = {
- pihole = [
- (pkgs.writeText "allowlist.txt" ''
- s.youtube.com
- '')
- ];
-
- };
- clientGroupsBlock = {
- default = [ "ads" "pihole" ];
- };
- };
- clientLookup = {
- upstream = "192.168.1.1";
- singleNameOrder = [ 2 1 ];
- };
- prometheus = {
- enable = true;
- path = "/metrics";
- };
- ports = {
- dns = "192.168.1.11:53,10.10.10.11:53";
- tls = "192.168.1.11:853,10.10.10.11:853";
- http = "127.0.0.1:8080";
- };
- log = {
- level = "warn";
- format = "json";
- timestamp = true;
- privacy = true;
- };
- };
+ blocky.settings.ports = {
+ dns = "192.168.1.11:53,10.10.10.11:53";
+ tls = "192.168.1.11:853,10.10.10.11:853";
+ http = "127.0.0.1:8080";
 };
 };
 }
diff --git a/hosts/rico1/services/apps/prometheus.nix b/hosts/rico1/services/apps/prometheus.nix
index eedf9fc..38541c5 100644
--- a/hosts/rico1/services/apps/prometheus.nix
+++ b/hosts/rico1/services/apps/prometheus.nix
@@ -95,18 +95,12 @@ in
 { targets = [ "layne.labs.adtya.xyz" ]; }
 ];
 }
- {
- job_name = "frp";
- scheme = "https";
- static_configs = [
- { targets = [ "frp.labs.adtya.xyz" ]; }
- ];
- }
 {
 job_name = "blocky";
 scheme = "https";
 static_configs = [
- { targets = [ "blocky.labs.adtya.xyz" ]; }
+ { targets = [ "blocky.rico1.labs.adtya.xyz" ]; }
+ { targets = [ "blocky.rico2.labs.adtya.xyz" ]; }
 ];
 }
 ];
diff --git a/hosts/rico2/services/apps/blocky.nix b/hosts/rico2/services/apps/blocky.nix
new file mode 100644
index 0000000..3c9a66d
--- /dev/null
+++ b/hosts/rico2/services/apps/blocky.nix
@@ -0,0 +1,26 @@
+_:
+let
+ inherit (import ../../../shared/caddy-helpers.nix) logFormat tlsAcmeDnsChallenge;
+ domainName = "blocky.rico2.labs.adtya.xyz";
+in
+{
+ imports = [
+ ../../../shared/blocky.nix
+ ];
+ services = {
+ caddy = {
+ virtualHosts."${domainName}" = {
+ inherit logFormat;
+ extraConfig = ''
+ ${tlsAcmeDnsChallenge}
+ reverse_proxy 127.0.0.1:8080
+ '';
+ };
+ };
+ blocky.settings.ports = {
+ dns = "192.168.1.12:53,10.10.10.12:53";
+ tls = "192.168.1.12:853,10.10.10.12:853";
+ http = "127.0.0.1:8080";
+ };
+ };
+}
diff --git a/hosts/rico2/services/apps/default.nix b/hosts/rico2/services/apps/default.nix
index 2db68d9..2a8bf44 100644
--- a/hosts/rico2/services/apps/default.nix
+++ b/hosts/rico2/services/apps/default.nix
@@ -1,6 +1,7 @@
 _: {
 imports = [
 ./alertmanager.nix
+ ./blocky.nix
 ./grafana.nix
 ../../../shared/prometheus-exporters.nix
 ../../../shared/promtail.nix
diff --git a/hosts/shared/blocky.nix b/hosts/shared/blocky.nix
new file mode 100644
index 0000000..582c515
--- /dev/null
+++ b/hosts/shared/blocky.nix
@@ -0,0 +1,127 @@
+{ pkgs, ... }: {
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ 53 #DNS
+ ];
+ allowedUDPPorts = [
+ 53 #DNS
+ ];
+ };
+ };
+ systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
+ services = {
+ blocky = {
+ enable = true;
+ settings = {
+ bootstrapDns = [ "tcp+udp:1.1.1.1" ];
+ upstreams = {
+ init.strategy = "blocking";
+ groups = {
+ default = [
+ # Cloudflare
+ "tcp+udp:1.1.1.1"
+
+ # Google
+ "tcp+udp:8.8.8.8"
+ "tcp+udp:8.8.4.4"
+
+ # Quad9
+ "tcp+udp:9.9.9.9"
+ "tcp+udp:149.112.112.112"
+ "tcp-tls:dns.quad9.net:853"
+ "https://dns.quad9.net/dns-query"
+ ];
+ };
+ strategy = "parallel_best";
+ timeout = "2s";
+ userAgent = "Praise the DNS overlords!";
+ };
+ connectIPVersion = "v4";
+ customDNS = {
+ customTTL = "1h";
+ filterUnmappedTypes = true;
+ mapping = {
+ # Local (Home Network)
+ "gateway.local.adtya.xyz" = "192.168.0.1";
+ "ap1.local.adtya.xyz" = "192.168.1.1";
+ "ap2.local.adtya.xyz" = "192.168.1.2";
+ "switch.local.adtya.xyz" = "192.168.1.3";
+ "jellyfin.local.adtya.xyz" = "192.168.1.14";
+
+ # Labs (Homelab)
+ "gateway.labs.adtya.xyz" = "10.10.10.11";
+ "ap1.labs.adtya.xyz" = "10.10.10.11";
+ "ap2.labs.adtya.xyz" = "10.10.10.11";
+ "switch.labs.adtya.xyz" = "10.10.10.11";
+
+ # Hosts
+ "proxy.labs.adtya.xyz" = "10.10.10.1";
+ "skipper.labs.adtya.xyz" = "10.10.10.2";
+ "rico0.labs.adtya.xyz" = "10.10.10.10";
+ "rico1.labs.adtya.xyz" = "10.10.10.11";
+ "rico2.labs.adtya.xyz" = "10.10.10.12";
+ "wynne.labs.adtya.xyz" = "10.10.10.13";
+ "layne.labs.adtya.xyz" = "10.10.10.14";
+
+ # Services
+ "alertmanager.labs.adtya.xyz" = "10.10.10.12";
+ "blocky.rico1.labs.adtya.xyz" = "10.10.10.11";
+ "blocky.rico2.labs.adtya.xyz" = "10.10.10.12";
+ "grafana.labs.adtya.xyz" = "10.10.10.12";
+ "jackett.labs.adtya.xyz" = "10.10.10.14";
+ "jellyfin.labs.adtya.xyz" = "10.10.10.14";
+ "loki.labs.adtya.xyz" = "10.10.10.11";
+ "prometheus.labs.adtya.xyz" = "10.10.10.11";
+ "radarr.labs.adtya.xyz" = "10.10.10.14";
+ "readarr.labs.adtya.xyz" = "10.10.10.14";
+ "sonarr.labs.adtya.xyz" = "10.10.10.14";
+ "transmission.labs.adtya.xyz" = "10.10.10.14";
+ };
+ };
+ conditional = {
+ fallbackUpstream = false;
+ mapping = {
+ "local.adtya.xyz" = "192.168.1.1";
+ "1.168.192.in-addr.arpa" = "192.168.1.1";
+ };
+ };
+ blocking = {
+ denylists = {
+ ads = [
+ "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
+ ];
+ pihole = [
+ "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+ ];
+ };
+ allowlists = {
+ pihole = [
+ (pkgs.writeText "allowlist.txt" ''
+ s.youtube.com
+ '')
+ ];
+
+ };
+ clientGroupsBlock = {
+ default = [ "ads" "pihole" ];
+ };
+ };
+ clientLookup = {
+ upstream = "192.168.1.1";
+ singleNameOrder = [ 2 1 ];
+ };
+ prometheus = {
+ enable = true;
+ path = "/metrics";
+ };
+ log = {
+ level = "warn";
+ format = "json";
+ timestamp = true;
+ privacy = true;
+ };
+ };
+ };
+ };
+}