ma lancache-dns: init
This commit is contained in:
parent
984b7fd31b
commit
2dd0b05558
55
makefu/2configs/lanparty/lancache-dns.nix
Normal file
55
makefu/2configs/lanparty/lancache-dns.nix
Normal file
@ -0,0 +1,55 @@
|
||||
{ pkgs, lib, config, ... }:
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
# see https://github.com/zeropingheroes/lancache for full docs
|
||||
lancache-dns = pkgs.stdenv.mkDerivation rec {
|
||||
name = "lancache-dns-2017-06-28";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
# forked: https://github.com/zeropingheroes/lancache-dns
|
||||
repo = "lancache-dns";
|
||||
owner = "zeropingheroes";
|
||||
rev = "420aa62";
|
||||
sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
|
||||
};
|
||||
phases = [ "unpackPhase" "installPhase" ];
|
||||
# here we can chance to edit `includes/proxy-cache-paths.conf`
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -r * $out/
|
||||
'';
|
||||
};
|
||||
stateDir = "/var/lib/unbound";
|
||||
user = "unbound";
|
||||
upstream-server = "8.8.8.8";
|
||||
in {
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
|
||||
interfaces = ["0.0.0.0" "::" ];
|
||||
forwardAddresses = [ upstream-server ];
|
||||
extraConfig = ''
|
||||
include: "${stateDir}/lancache/*.conf"
|
||||
'';
|
||||
};
|
||||
services.dnscrypt-proxy.enable = lib.mkForce false;
|
||||
virtualisation.libvirtd.enable = lib.mkForce false;
|
||||
systemd.services.dns-lancache-prepare = {
|
||||
wantedBy = [ "unbound.service" ];
|
||||
before = [ "unbound.service" ];
|
||||
after = [ "network-online.target" ];
|
||||
partOf= [ "unbound.service" ];
|
||||
|
||||
path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
|
||||
script = ''
|
||||
set -xeu
|
||||
current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
|
||||
old_ip=10.1.1.250
|
||||
mkdir -p ${stateDir}
|
||||
rm -rvf ${stateDir}/lancache
|
||||
cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache
|
||||
sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf
|
||||
chown -R unbound ${stateDir}
|
||||
'';
|
||||
};
|
||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||
}
|
Loading…
Reference in New Issue
Block a user