Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tv dnsmasq service: init

Browse Source
This commit is contained in:
tv 2018-11-26 14:49:13 +01:00
parent 150ca6a78a
commit 2be0042d42
2 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tv/3modules/default.nix
View File

@ -1,6 +1,7 @@
{
imports = [
./charybdis
./dnsmasq.nix
./ejabberd
./hosts.nix
./iptables.nix

57
tv/3modules/dnsmasq.nix Normal file
View File

@ -0,0 +1,57 @@
with import <stockholm/lib>;
{ config, ... }: let
cfg = config.tv.dnsmasq;
in {
options.tv.dnsmasq = {
enable = mkEnableOption "tv.dnsmasq";
dhcp-range = mkOption {
type = types.str;
};
interface = mkOption {
type = types.str;
};
address = mkOption {
type = types.str;
};
prefixLength = mkOption {
type = types.addCheck types.int (x: x >= 0 && x <= 32);
};
};
config = mkIf cfg.enable (mkMerge [
{
networking.dhcpcd.denyInterfaces = [ cfg.interface ];
services.dnsmasq.resolveLocalQueries = false;
networking.interfaces.${cfg.interface} = {
ipv4.addresses = singleton {
address = cfg.address;
prefixLength = cfg.prefixLength;
};
};
services.dnsmasq.enable = true;
services.dnsmasq.extraConfig = ''
dhcp-range=${cfg.dhcp-range}
interface=${cfg.interface}
'';
tv.iptables.extra.filter.INPUT = [
"-i ${cfg.interface} -p tcp -m tcp --dport bootps -j ACCEPT"
"-i ${cfg.interface} -p udp -m udp --dport bootps -j ACCEPT"
"-i ${cfg.interface} -p tcp -m tcp --dport domain -j ACCEPT"
"-i ${cfg.interface} -p udp -m udp --dport domain -j ACCEPT"
];
}
{
# enable forwarding
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
tv.iptables.extra.filter.FORWARD = [
"-m state --state RELATED,ESTABLISHED -j ACCEPT"
"-i ${cfg.interface} -j ACCEPT"
];
tv.iptables.extra.nat.POSTROUTING = [
"-j MASQUERADE"
];
}
]);
}