From a8bf8d7504c87445334479f281693e679b44db6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Mon, 7 Aug 2023 01:23:41 +0300 Subject: [PATCH] nsd: enable remote-control --- hosts/vno1-oh2/configuration.nix | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index f7b82a4..5723aa4 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix @@ -172,6 +172,7 @@ nsd = { enable = true; + remoteControl.enable = true; interfaces = ["0.0.0.0" "::"]; zones = { "jakstys.lt.".data = myData.jakstysLTZone; @@ -179,13 +180,27 @@ $ORIGIN _acme-endpoint.grafana.jakstys.lt. $TTL 60 @ SOA _acme-endpoint.grafana.jakstys.lt. motiejus.jakstys.lt. (2023080702 600 600 600 600) - @ TXT foo2 + @ TXT foo3 ns NS ${myData.hosts."vno1-oh2.servers.jakst".publicIP} ''; }; }; }; + systemd.services.nsd-control-setup = { + requiredBy = ["nsd.service"]; + before = ["nsd.service"]; + unitConfig = { + ConditionPathExists = "!/etc/nsd/nsd_control.key"; + }; + serviceConfig = { + Type = "oneshot"; + UMask = 0077; + }; + path = [pkgs.nsd pkgs.openssl]; + script = ''nsd-control-setup''; + }; + networking = { hostId = "f9117e1b"; hostName = "vno1-oh2"; @@ -199,8 +214,8 @@ } ]; firewall = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; + allowedUDPPorts = [53]; + allowedTCPPorts = [53]; logRefusedConnections = false; checkReversePath = "loose"; # for tailscale };
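Review bot: `remoteControl.enable = true;` turns on nsd's TLS control channel without stating where it listens, so its exposure depends on the module default rather than on anything visible in this file. The `interfaces = ["0.0.0.0" "::"]` line right after it is the DNS listener, which is easy to misread as also governing the control socket. I would pin the binding next to the enable, `remoteControl.interfaces = ["127.0.0.1" "::1"];`, and add a comment that the control port is deliberately absent from `allowedTCPPorts`. The `nsd = {` block starts and ends outside this hunk.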
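Review bot: `UMask = 0077;` in the new `nsd-control-setup` unit is a bare Nix integer, and Nix has no octal literals, so it evaluates to decimal 77 and is restrictive only because systemd then reads the rendered `UMask=77` as octal. This umask is what keeps the generated control-channel private keys under /etc/nsd from being group- or world-readable, so I would write it as a string, `UMask = "0077";`, to avoid relying on that round trip. Separately, `ConditionPathExists` checks only `nsd_control.key`, so a run interrupted after writing that key would presumably never be retried. A comment stating that assumption would help.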