nsd: enable remote-control

Motiejus Jakštys 2023-08-07 01:23:41 +03:00
parent 275c4ee8ca
commit a8bf8d7504


@ -172,6 +172,7 @@
nsd = { nsd = {
enable = true; enable = true;
remoteControl.enable = true;
interfaces = ["0.0.0.0" "::"]; interfaces = ["0.0.0.0" "::"];
zones = { zones = {
"jakstys.lt.".data = myData.jakstysLTZone; "jakstys.lt.".data = myData.jakstysLTZone;
@ -179,13 +180,27 @@
$ORIGIN _acme-endpoint.grafana.jakstys.lt. $ORIGIN _acme-endpoint.grafana.jakstys.lt.
$TTL 60 $TTL 60
@ SOA _acme-endpoint.grafana.jakstys.lt. motiejus.jakstys.lt. (2023080702 600 600 600 600) @ SOA _acme-endpoint.grafana.jakstys.lt. motiejus.jakstys.lt. (2023080702 600 600 600 600)
@ TXT foo2 @ TXT foo3
ns NS ${myData.hosts."vno1-oh2.servers.jakst".publicIP} ns NS ${myData.hosts."vno1-oh2.servers.jakst".publicIP}
''; '';
}; };
}; };
}; };
systemd.services.nsd-control-setup = {
requiredBy = ["nsd.service"];
before = ["nsd.service"];
unitConfig = {
ConditionPathExists = "!/etc/nsd/nsd_control.key";
};
serviceConfig = {
Type = "oneshot";
UMask = 0077;
};
path = [pkgs.nsd pkgs.openssl];
script = ''nsd-control-setup'';
};
networking = { networking = {
hostId = "f9117e1b"; hostId = "f9117e1b";
hostName = "vno1-oh2"; hostName = "vno1-oh2";
@ -199,8 +214,8 @@
} }
]; ];
firewall = { firewall = {
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [53];
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [53];
logRefusedConnections = false; logRefusedConnections = false;
checkReversePath = "loose"; # for tailscale checkReversePath = "loose"; # for tailscale
}; };
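Review bot: In the new `systemd.services.nsd-control-setup` unit, `UMask = 0077;` is written as a Nix integer, which Nix evaluates as decimal 77. It most likely still gives the intended mask only because systemd parses the rendered `UMask=77` as octal, so `UMask = "0077";` would make the permissions on the generated private keys explicit rather than incidental. `ConditionPathExists = "!/etc/nsd/nsd_control.key"` tests only one of the files that nsd-control-setup writes, so a run interrupted after that file exists would never be repeated and could leave an incomplete key/cert set behind; a comment saying so, or a check on the last file written, would help. A short comment next to `remoteControl.enable = true;` stating that the control listener is expected to stay on loopback would also be useful, since the firewall block in this file opens only port 53 and nothing in the visible lines pins the control interface.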