feat: adguard home + powerdns plz (#100)
* hack * feat: adguard + powerdns --------- Co-authored-by: Truxnell <9149206+truxnell@users.noreply.github.com>
parent
ab986343e1
commit
0dffbe9433
15 changed files with 309 additions and 50 deletions
|
@ -10,6 +10,8 @@
|
||||||
|
|
||||||
Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations
|
Leveraging nix, nix-os and other funny magic man words to apply machine and home configurations
|
||||||
|
|
||||||
|
[Repository Documentation](https://truxnell.github.io/nix-config/)
|
||||||
|
|
||||||
## Background
|
## Background
|
||||||
|
|
||||||
Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go.
|
Having used a variety of infracture as code solutions - and having found them lacking in some areas, it is time to give nix a go.
|
||||||
|
|
BIN
docs/includes/assets/zed_alert.png
Normal file
BIN
docs/includes/assets/zed_alert.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 427 KiB |
6
docs/monitoring/zed.md
Normal file
6
docs/monitoring/zed.md
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
Zed monitoring can also send to pushover!
|
||||||
|
|
||||||
|
<figure markdown="span">
|
||||||
|
![Alt text](../includes/assets/zed_alert.png)
|
||||||
|
<figcaption>Come on these drives are hardly 12months old</figcaption>
|
||||||
|
</figure>
|
|
@ -11,7 +11,7 @@ Code TLDR
|
||||||
|
|
||||||
:simple-github:[/nixos/modules/nixos/system/motd](https://github.com/truxnell/nix-config/blob/462144babe7e7b2a49a985afe87c4b2f1fa8c3f9/nixos/modules/nixos/system/motd/default.nix])
|
:simple-github:[/nixos/modules/nixos/system/motd](https://github.com/truxnell/nix-config/blob/462144babe7e7b2a49a985afe87c4b2f1fa8c3f9/nixos/modules/nixos/system/motd/default.nix])
|
||||||
|
|
||||||
Write a shell script using nix with a bash motd
|
Write a shell script using nix with a bash motd of your choosing.
|
||||||
|
|
||||||
```nix
|
```nix
|
||||||
let
|
let
|
||||||
|
|
|
@ -14,12 +14,21 @@
|
||||||
mySystem.services = {
|
mySystem.services = {
|
||||||
|
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
maddy.enable = true;
|
|
||||||
dnscrypt-proxy.enable = true;
|
|
||||||
cfDdns.enable = true;
|
cfDdns.enable = true;
|
||||||
bind.enable = true;
|
powerdns = {
|
||||||
|
enable = true;
|
||||||
|
admin-ui = false;
|
||||||
};
|
};
|
||||||
|
adguardhome.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# no mutable state I care about
|
||||||
|
mySystem.system.resticBackup =
|
||||||
|
{
|
||||||
|
local.enable = false;
|
||||||
|
remote.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
networking.hostName = "dns01"; # Define your hostname.
|
networking.hostName = "dns01"; # Define your hostname.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
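Review bot: The comment `# no mutable state I care about` sits beside `powerdns.enable = true`, but the powerdns module in this commit keeps its zone database at `${persistentFolder}/pdns.sqlite3`, which is mutable state on this host. With both `local.enable` and `remote.enable` set to false, that database is not covered by restic. If the zones are always re-pushed from dnscontrol this may be acceptable, and the comment should then say so, for example `# pdns zones are re-created from dnscontrol, nothing to back up`. The same applies to the dns02 hunk that follows.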
@ -14,10 +14,21 @@
|
||||||
mySystem.services = {
|
mySystem.services = {
|
||||||
|
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
dnscrypt-proxy.enable = true;
|
|
||||||
cfDdns.enable = true;
|
cfDdns.enable = true;
|
||||||
bind.enable = true;
|
powerdns = {
|
||||||
|
enable = true;
|
||||||
|
admin-ui = false;
|
||||||
};
|
};
|
||||||
|
adguardhome.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# no mutable state I care about
|
||||||
|
mySystem.system.resticBackup =
|
||||||
|
{
|
||||||
|
local.enable = false;
|
||||||
|
remote.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
networking.hostName = "dns02"; # Define your hostname.
|
networking.hostName = "dns02"; # Define your hostname.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
|
|
||||||
gatus.enable = true;
|
gatus.enable = true;
|
||||||
homepage.enable = true;
|
homepage.enable = true;
|
||||||
backrest.enable = true;
|
# backrest.enable = true;
|
||||||
|
|
||||||
plex.enable = true;
|
plex.enable = true;
|
||||||
tautulli.enable = true;
|
tautulli.enable = true;
|
||||||
|
@ -22,6 +22,7 @@
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
mySystem.system.systemd.pushover-alerts.enable = false;
|
||||||
|
|
||||||
mySystem.nfs.nas.enable = true;
|
mySystem.nfs.nas.enable = true;
|
||||||
mySystem.persistentFolder = "/persistent";
|
mySystem.persistentFolder = "/persistent";
|
||||||
|
|
90
nixos/modules/nixos/services/adguardhome/default.nix
Normal file
90
nixos/modules/nixos/services/adguardhome/default.nix
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
{ lib
|
||||||
|
, config
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.mySystem.services.adguardhome;
|
||||||
|
port = 53;
|
||||||
|
port_webui = 3000;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.mySystem.services.adguardhome = {
|
||||||
|
enable = mkEnableOption "Adguard Home";
|
||||||
|
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
services.adguardhome = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
mutableSettings = false;
|
||||||
|
settings = {
|
||||||
|
bind_host = "0.0.0.0";
|
||||||
|
bind_port = port_webui;
|
||||||
|
auth_attempts = 3;
|
||||||
|
block_auth_min = 3600;
|
||||||
|
dns = {
|
||||||
|
bind_host = "127.0.0.1";
|
||||||
|
port = port;
|
||||||
|
upstream_dns = [
|
||||||
|
"https://dns10.quad9.net/dns-query"
|
||||||
|
"https://doh.mullvad.net/dns-query"
|
||||||
|
];
|
||||||
|
fallback_dns = [ "https://dns.cloudflare.com/dns-query" ];
|
||||||
|
bootstrap_dns = [
|
||||||
|
# quad9
|
||||||
|
"9.9.9.10"
|
||||||
|
"149.112.112.10"
|
||||||
|
"2620:fe::10"
|
||||||
|
"2620:fe::fe:10"
|
||||||
|
# cloudflare
|
||||||
|
"1.1.1.1"
|
||||||
|
"2606:4700:4700::1111"
|
||||||
|
];
|
||||||
|
upstream_mode = "load_balance";
|
||||||
|
cache_size = 4194304;
|
||||||
|
cache_ttl_min = 60;
|
||||||
|
cache_optimistic = true;
|
||||||
|
use_private_ptr_resolvers = true;
|
||||||
|
local_ptr_upstreams = [ "localhost:5353" ];
|
||||||
|
|
||||||
|
rewrites = [{
|
||||||
|
domain = "*.${config.networking.domain}";
|
||||||
|
answer = "10.8.10.1"; # UDMP router
|
||||||
|
}];
|
||||||
|
|
||||||
|
filters = [
|
||||||
|
{
|
||||||
|
name = "AdGuard DNS filter";
|
||||||
|
url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
|
||||||
|
enabled = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "AdAway Default Blocklist";
|
||||||
|
url = "https://adaway.org/hosts.txt";
|
||||||
|
enabled = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "OISD (Big)";
|
||||||
|
url = "https://big.oisd.nl";
|
||||||
|
enabled = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
|
|
||||||
|
allowedTCPPorts = [ port port_webui ];
|
||||||
|
allowedUDPPorts = [ port port_webui ];
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
|
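Review bot: The web UI in `settings` listens on `bind_host = "0.0.0.0"` port 3000 and `openFirewall` defaults to true, yet no `users` list is visible in the settings, so with `mutableSettings = false` the admin interface appears to be reachable without a login unless users are injected elsewhere. `auth_attempts` and `block_auth_min` only take effect once a user exists, so either declare one or bind the UI to a management address or put it behind an authenticating proxy. The firewall block also opens UDP for the UI port, which an HTTP listener does not need: `allowedUDPPorts = [ port ];`. Note too that `dns.bind_host = "127.0.0.1"` keeps the resolver on loopback while port 53 is opened in the firewall, which is worth confirming as intended. Separately, `"Open firewall for ${app}"` references `app`, which is not bound in the `let` above (only `cfg`, `port` and `port_webui`), so evaluating the option description will likely fail; the same string appears in the powerdns module's options.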
@ -88,19 +88,14 @@ in
|
||||||
10.5.0.0/24; # CONTAINERS
|
10.5.0.0/24; # CONTAINERS
|
||||||
};
|
};
|
||||||
|
|
||||||
key "tsig-key" {
|
|
||||||
algorithm hmac-sha512;
|
|
||||||
secret "iZhi4kaPJBvqxyW73aKYRnNy5e7N2A+7WczxAMcCvDl8QpAc0HFjfI1Q+0g1SBUQBZXqAvGFViegPsK9lZ3bkA==";
|
|
||||||
};
|
|
||||||
|
|
||||||
zone "trux.dev." {
|
zone "trux.dev." {
|
||||||
type master;
|
type master;
|
||||||
file "${config.sops.secrets."system/networking/bind/trux.dev".path}";
|
file "${config.sops.secrets."system/networking/bind/trux.dev".path}";
|
||||||
allow-transfer {
|
allow-transfer {
|
||||||
tsig-key;
|
|
||||||
};
|
};
|
||||||
update-policy {
|
update-policy {
|
||||||
grant tsig-key zonesub ANY;
|
|
||||||
};
|
};
|
||||||
allow-query { any; };
|
allow-query { any; };
|
||||||
|
|
||||||
|
|
|
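Review bot: The removed `key "tsig-key"` block held the HMAC secret in plaintext, and deleting it here does not remove it from the repository history, so the key should be treated as disclosed and regenerated. If the new `key` entry in the sops file carries the same value, it should not be reused as-is. After the deletion, `allow-transfer { };` and `update-policy { };` remain as empty blocks in the `trux.dev.` zone. If transfers and dynamic updates are meant to stay disabled, drop the blocks or add a comment saying so; if they should keep working, the key has to be declared again from a secret file (for example through an `include` of a sops-managed path). The zone statement continues outside this hunk.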
@ -1,8 +1,9 @@
|
||||||
system:
|
system:
|
||||||
networking:
|
networking:
|
||||||
bind:
|
bind:
|
||||||
trux.dev: ENC[AES256_GCM,data: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,iv:zQXRmnAz6eYEdi1CvPELMLtBDlAn5DJ16Q5GCQ8gBjM=,tag:gLfa8MFwLN64HXhGRP1LpA==,type:str]
|
key: ENC[AES256_GCM,data:43QoyVqdwHO6eSgjbjgl28FSlD2xaoNxWpnc5D7g7jj6HaMwkz0tAnmg+g1fxEj1m826wxxqtgBjbMaDPj/hHtqYrgXsIvPShBSUDAyjoLcNFcsr0BhFVQ/ZWCCiI95SScbMTBJVcegf,iv:/R/7Qb+xPQXjYaQbF3NLeA63XAvdctayO5G8pE9bCE4=,tag:roNy7HNjWrIwZjy3BDAedw==,type:str]
|
||||||
natallan.com: ENC[AES256_GCM,data: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,iv:BaKS5fV/9FTn6+XV0FOWhJ/qTZKwZbjFkzrOhZWSaIA=,tag:6swVM+KhxffMmFbOzU+6OQ==,type:str]
|
trux.dev: ENC[AES256_GCM,data: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,iv:MEA1aXQR/4LFrVOrJmWWwXkbT3FWR8Hp2c4kiw4yv7Y=,tag:FufABt/+oXZCXXw55hvuwA==,type:str]
|
||||||
|
natallan.com: ENC[AES256_GCM,data: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,iv:TLCkT60LTZ2m3gYCz4YQ/XYhvbdZJApoW3OekEVjULI=,tag:ZlxHEZQa/pUwjQF3HdqYdw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -12,59 +13,59 @@ sops:
|
||||||
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmk1WUJNMlJZeUJYV0xJ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6cW5zMXc2Skc0S0lvWXF2
|
||||||
a01wZ05OeE1vRjEydGg5cmdzVzlWZ05uZTJRCitHdm9sWmFYY3A4eVNZSGpSMzFu
|
NE0za1kyOU5GY0Z0QW9hTDVuTWRPd2pTcTBjClhOT0xrYUo4Y2Rtd0dyQU9MeWtq
|
||||||
emRtc0xIYUlxbnNpeW45c3ZRem5LUXcKLS0tIFdad25hbktKYkVoQWtLVGJvU1hE
|
dHZMWGZhbWtTOUVPMDlhWUdhVEhIZVEKLS0tIG12Ujh6WEVNeUdvVmtuYmZJdVJG
|
||||||
clJPcm9jbHA4dk5vYzBHTDJvOCtTczAKkFuEWjBNgoVhfsMmmfM8+LEOq1ZQYzWK
|
bWZxWXU5TzlYNDZnY1Fua3RGUEJnNUkKMC/png4A565h/S3B2ZVce7LJi1SMDS5n
|
||||||
NzAHoA0tzMV1775qmxbrYjd4296QwPBpmda/6LFgCbeZVTj2yKNQvw==
|
aYx/nrPTktIe8bCvwF300tNZoZolXONR4awJ9e88uw84t8GYjlNNPw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqQVUxRHpsQ1F2ZnFCYitj
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVmkxam5MVW1FSEo4QjB4
|
||||||
dWtnVmpsZnFuT3ZuL1dsQWY3a28rYzdEdERNCjJhYTBKZmsyQzdJMXo0N1lrUXo2
|
c0VKUDJIVDI1WkFOYmJ2TEcrWGlqQVFGQm1RClBxSjRjSGd3SkRIbUc4OUdhT0F2
|
||||||
ZzdETDA1cUlFcUx6QVQ2c21JSVRYS1UKLS0tIGFMM3VTaUJMR1d4ekhFVVFVeTBN
|
WVJoUlR0amdOcTE4YUMwR1JjTGlBRUkKLS0tIHZFKy9XWnVoQUJLTzZGclp6Y0tQ
|
||||||
NW5EWHIxVDNQV28yMktmUGRKRllEVEkKKrt+lmoGUdzzBQj5xQ3W2XasgWREBuuw
|
cUVoQk9JMEpRNUNQbjcxbnFiUDNmbFUKIBJcq8uJCIhdMv5e79K66Qrxlg88K/Gb
|
||||||
TjjW+1Xcq6CfczAtxAAsr8C5nyIFJO9EUcDsMYabAQyZZp0/tvAy9w==
|
MT1h2v6h5uiYm6JaspSqz9Hqx9YfRocl/kJmVy/QdeIGPVzm24dnIQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVVJTZjV1bVpPemtPSjRO
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Sy85ZVA3WGVhVWlSZmhy
|
||||||
ZHRDRHBraXk5YXV6SDB0QVY1bXIvSnBQRjM4Cms3aWdrQ2NyelB0ODMxclI0ai9v
|
VDBDK2dZYmR6djlQYkhhQ25zeWdxM1JpMEg0Ck5hZm12ZmtkQmJLUmdMNm94WnZL
|
||||||
dWVGUThkV2kvOGlQdXI1bjBPRC9uVFEKLS0tIFRDVGhZRWx2NEhFcHJ4U0lJRlky
|
NnY1eG1neEpLSEVkRGhkY2FHUFhTWVkKLS0tIGVpNlZrRGtqRFR1OVc3enpRUVQ2
|
||||||
QXMwK1pkSTAwYWZnREY3OEx3TU0yamcKHAr9joyZgv8w1QXdIjgsBtwEE75nil2P
|
N2swa1BIellpbjBUbmsyc2NnYmphOU0Kx/4I/zjyi3GlYMgcNIb7sYufLfvJ9Xny
|
||||||
HSQ0LRfRln71JMarqaCvrX3HjCi94yT5+toT+MOor7kovb+o4GEwcQ==
|
HeR7r03YuHu5dOQ1T8iFigXUhy/2DkdW8kWtKlpuT0qg35dKqjCi/w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ0ZaY1dEUlhCNzRiMFNu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyVjBXb2EzM3U0MDRnRGV6
|
||||||
dkRyWGRoTzFJblNHV2trVkdsMVhlMlNzMFYwCkhZUmJRdjAwZTFhcCtlV1hKUE5u
|
YWJieTFHaXFFOEhFdjJNU2x3VVlSOEpBNFFjCkpNZWpxa3ZRRFVabXd5enFqenZY
|
||||||
RzUxckNEOFNqSnR6UVdhWTdaY25VWHMKLS0tIGpWNjRKNnJKc3g0R0NtQ09uQnRT
|
aXpqOC90YXB2aTR5K1FFQ2dnNXVCZlUKLS0tIGkvTmpLeFNGdWpaRU9CaGtLcWgr
|
||||||
SC93Unl6TEh0ZVlzaTFpSEwrMHRuWkEKAcZRLzyOzTOUbZw4Rr6McFVDnZO1U+Ha
|
d09aV285U3YrNjY2VVpFaGtFS1B3bUUKRL1dsEHuWbEjRaKqd2F6xrhC7htNo0hw
|
||||||
HkAd9qJ+n0YSd4NKdHitnL25NXxPs3r0z9gZlPXdgIlT2XbK4RR9uA==
|
fItd7J3gccRP5jUTzJ0QZBJvsj9wCAQU1iJfv14zcO6TzOB5B4jW7w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsN0VwWDNid1c4SmVZQVVI
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WE5LVEFIdVFXT3I1Znk1
|
||||||
UmlFVHhwWHc2ZGMxY0lSNER6Wkt3TzR1QlFzCmo0amJqTHFEYXc1dzQ4d2JrYlhU
|
NmJzWWZHQ05GclNuMFUvZE9PazdFYmZVWmlNClpHVVB1bFhUU3phUjlhQTBDTENq
|
||||||
N3Z4dWdSeGFqUi8vTzU5eE9rOWp5dUUKLS0tIGZhcVhXQzFEZUJhOVdRMXpPeTFF
|
QkNFMTc3VTU1SkxtK0x3SnFzYm90aTgKLS0tIHJHc3NXekM4Ly9SSEFydFZrTk9l
|
||||||
QnZ3Vmt6WkpEdHhWeGJ1YURhd3NZdHcKySPUb9MGFyNmy1EZySRjE4RL8KvbltVO
|
MVUxcEpUemlmWmRvQThUdTdkQ2svNHcK0WyOuWbv+eyYWLFsKBl+K+/n9QCfehqQ
|
||||||
PRUdEwurrCp9ZBq87JfeUbHVvPw5+S0ha+aP8yPefXJGFs4yZBQnSA==
|
0hC0SY2Nf+9YHMDXrSse44NPs/ucOPlYRFV/HbPNvfEF62K7Gt79lA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkQVJmTWxzSzNDT1d1NzFX
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SHFQQUIzQXlqZFFnTWNt
|
||||||
UnFFbHF6YkVjUmRYTm5VVkhRbXF1SzJuT1NvCmROeFRQNkJpNkE2UWVYeW45b0Zt
|
YVJIb0MzTFM2NENpNFFiaHFmaU95K3VLNGdZCkFyMEFHZjhZclJMTE4yRWNJQnJR
|
||||||
dW9Ld3NVend5cEdyN20rV3EzczdHK2MKLS0tIGJYK041RVBBN0IzMC9KRUY1UFNk
|
T25yTWZQOFE5L011M3FnMUxPb3hPbVEKLS0tIElzYlpHUEQwejlDNTFmK3R1dU0r
|
||||||
REM3YnFBaGY1ejRQeldlc0JJSW5aWjQK3ZYIRxiLOx88kimDGq8GoDMVNbpLvOPz
|
RzJ5UGIvUUluZXNzRzlXRWl5aGdmaUUKObqo2Wj62ZcK0qMcsttRHphWTgkPOTz4
|
||||||
EVtii9SHQWk4lTVqyqo2WAIc/2PMM8P7Je9xgc/sigR1i8rLQlAyTg==
|
NkvAvOaSX2wJHRhH9SHGhkPwEhsgdmaagsVpwpLPrOCRlWI/bd1Qhg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-04-15T06:36:15Z"
|
lastmodified: "2024-04-16T06:30:13Z"
|
||||||
mac: ENC[AES256_GCM,data:cIXRUz3h2+PCdp0HLs1WjKPQOeGqgxpKfEXflMMUkX5GspOsrDZZYTF2A6bALaGqWAoqvHp5kxN8exTyl8fGM4x1i/eXQiZmTq/DICfCR890buSWAf83bP3X5+H1FJwR9NX37HZlmFVNWxnrKq4DTkC5Yn750LDd9aMls4EjkWA=,iv:ZDF4tgnUE6sfB7NaCouH3jd5IA5fZhZA9++jgBhg3A8=,tag:7gO7vrpkC+EI6ERjFUSy0A==,type:str]
|
mac: ENC[AES256_GCM,data:PsD5hu5nyjPY9/bgLTiTReqoT+hwlJx8A5pOkCTcPNQs63So4GM5mDDTuWG8u1WlBOEdKEDqVefVMtCiwOsC6xIVM8AHCGOcad2j4qQbHR+2lc8nMZE8R7ceJc2ZeLBPlD5/BQ2R5XiQ+NXu0qypHjYkVwnkI62nPSXALSd9btg=,iv:cy7slD5dcfTEeObWraswcghwhgAe1RylU4aafXezEYU=,tag:/nSCQJDYfrWpfpfdkigV7w==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -14,5 +14,7 @@
|
||||||
./glances
|
./glances
|
||||||
./syncthing
|
./syncthing
|
||||||
./restic
|
./restic
|
||||||
|
./powerdns
|
||||||
|
./adguardhome
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,16 +6,86 @@
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
cfg = config.mySystem.services.powerdns;
|
cfg = config.mySystem.services.powerdns;
|
||||||
|
persistentFolder = "${config.mySystem.persistentFolder}/nixos/pdns";
|
||||||
|
user = "pdns";
|
||||||
|
group = "pdns";
|
||||||
|
configDir = pkgs.writeTextDir "pdns.conf" "${pdnsConfig}";
|
||||||
|
|
||||||
|
# $APIKEY is replaced via envsubst in the pdns module
|
||||||
|
pdnsConfig = ''
|
||||||
|
expand-alias=yes
|
||||||
|
resolver=9.9.9.9:53
|
||||||
|
local-address=0.0.0.0:5353
|
||||||
|
launch=gsqlite3
|
||||||
|
gsqlite3-database=${persistentFolder}/pdns.sqlite3
|
||||||
|
webserver=yes
|
||||||
|
webserver-address=0.0.0.0:8081
|
||||||
|
webserver-allow-from=10.8.10.0/20
|
||||||
|
api=yes
|
||||||
|
api-key=$APIKEY
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.mySystem.services.powerdns.enable = mkEnableOption "powerdns";
|
options.mySystem.services.powerdns =
|
||||||
|
{
|
||||||
|
enable = mkEnableOption "powerdns";
|
||||||
|
openFirewall = mkEnableOption "Open firewall for ${app}" // {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
admin-ui = mkEnableOption "Powerdns-admin UI";
|
||||||
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
||||||
|
# ensure folder exist and has correct owner/group
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d ${persistentFolder} 0755 ${user} ${group} -" #The - disables automatic cleanup, so the file wont be removed after a period
|
||||||
|
];
|
||||||
|
|
||||||
services.powerdns = {
|
services.powerdns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
extraConfig = pdnsConfig;
|
||||||
|
secretFile = config.sops.secrets."system/services/powerdns/apiKey".path;
|
||||||
|
};
|
||||||
|
sops.secrets."system/services/powerdns/apiKey" = {
|
||||||
|
sopsFile = ./secrets.sops.yaml;
|
||||||
|
restartUnits = [ "pdns.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# powerdns doesnt create the sqlite database for us
|
||||||
|
# so we gotta either do it manually once-off or do the below to ensure its created
|
||||||
|
# if the file is missing before service start
|
||||||
|
systemd.services.pdns.serviceConfig.ExecStartPre = lib.mkBefore [
|
||||||
|
(pkgs.writeScript "pdns-sqlite-init.sh"
|
||||||
|
''
|
||||||
|
#!${pkgs.bash}/bin/bash
|
||||||
|
|
||||||
|
pdns_folder="${persistentFolder}"
|
||||||
|
echo "INIT: Checking if pdns sqlite exists"
|
||||||
|
# Check if the pdns.sqlite3 file exists in the pdns folder
|
||||||
|
if [ ! -f "${persistentFolder}/pdns.sqlite3" ]; then
|
||||||
|
echo "INIT: No sqlite db found, initializing from pdns github schema..."
|
||||||
|
|
||||||
|
${pkgs.wget}/bin/wget -O "${persistentFolder}/schema.sqlite3.sql" https://raw.githubusercontent.com/PowerDNS/pdns/master/modules/gsqlite3backend/schema.sqlite3.sql
|
||||||
|
${pkgs.sqlite}/bin/sqlite3 "${persistentFolder}/pdns.sqlite3" < "${persistentFolder}/schema.sqlite3.sql"
|
||||||
|
${pkgs.busybox}/bin/chown pdns:pdns ${persistentFolder}/pdns.sqlite3
|
||||||
|
${pkgs.busybox}/bin/rm "${persistentFolder}/schema.sqlite3.sql"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Exit successfully
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
''
|
||||||
|
)
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
|
|
||||||
|
allowedTCPPorts = [ 8081 5353 ];
|
||||||
|
allowedUDPPorts = [ 8081 5353 ];
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
69
nixos/modules/nixos/services/powerdns/secrets.sops.yaml
Normal file
69
nixos/modules/nixos/services/powerdns/secrets.sops.yaml
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
system:
|
||||||
|
services:
|
||||||
|
powerdns:
|
||||||
|
apiKey: ENC[AES256_GCM,data:JaOeUekiyKPum0v18Eundtee1UEG2cRjRU4GNQbAZQ==,iv:bSWeb7aIMIKcK1bbqDES85pjdF6X/fUYodsS2CcMo+s=,tag:35/FQRAN9SHe7a0CORFJzw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1lj5vmr02qkudvv2xedfj5tq8x93gllgpr6tzylwdlt7lud4tfv5qfqsd5u
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUHV3Y2RXblFhOEZCUkxZ
|
||||||
|
bW1VS29LdjBMaWlGdkJoMjVQcTYwR1dWdkhVCnQweW1zYmpGM2dlelN5UHNkSW4z
|
||||||
|
SzVPeEVVeUk4Z3FBekJjZEdzN0RxOVkKLS0tIGpUTzlHb1BNbC9ubGpsZW4yaVBP
|
||||||
|
NXFYK0xocE95eW9yeDBCTy9mZEpKZHcKW2Ih9qfT4uIin+R4x8Qz2RFTmD7Oka0z
|
||||||
|
y8+QoJJh1tLlndUCXqmvgdUf+8ZnUa/AgWqq1g9qxQNg3tng0gi11A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17edew3aahg3t5nte5g0a505sn96vnj8g8gqse8q06ccrrn2n3uysyshu2c
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TnNlRGpJMVhhQUF4ZEJM
|
||||||
|
WmdsSGgrN0hzNGk4dkZNa01pS2crN2tNN21RCjArcHZnUE1vb3FDL0dOaXBDMkNV
|
||||||
|
NlBId21KTnlGVEJWVENnYi8xRVNkbDQKLS0tIDl3dEpkNDNDNy9tNEhCR3RuSUtl
|
||||||
|
SWM0Z1BqNzh5RFlRdFNIeVhGTUcvQWsKO9OrohKpjgXdaJZ91REZREv/3iYxaWcV
|
||||||
|
xPXPl702ionxmgBYz6PIYqLI7vIPaAoUhoGk9f5NSlh2f/aqJBxKbA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1u4tht685sqg6dkmjyer96r93pl425u6353md6fphpd84jh3jwcusvm7mgk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa3djcTNhQTFUTHR5VGxM
|
||||||
|
T1VTVVdGMjdjcC9KSEYxQ3Q4NlZ3VE4zY21nCnFhSmJzSXkyV0NGcjFyNFRsMVha
|
||||||
|
VEZubXVBWGhMS2U3bFB4N2RETzFmUjQKLS0tIGRrQXZKNjdvN1dxMW5VUFVhb1Rs
|
||||||
|
cTJROVhkUDExdHBKNi9SYm1vSGhGYW8K3QBsU3XKJrXaTU/hq5PJYaA23SBjWYSZ
|
||||||
|
yy6zxLp2JB3Hr45GhL9D6Nv+eLyO1grasQEOGNVXnHJC+b/iFqbBYw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cp6vegrmqfkuj8nmt2u3z0sur7n0f7e9x9zmdv4zygp8j2pnucpsdkgagc
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2M1UrVU9LT1BQOFpsdjkr
|
||||||
|
NHZYM0JrY3Q4cHhER1haZVJtUjU0OVNkM1dJCmlsRHBHYm4xMHBrUzF1b044NzRv
|
||||||
|
VnpHQmFPNzg2ZU5tV01HZjRBM0Y1RVUKLS0tIHJVK2VOeEgrMFpDK1R5YmR5TEpp
|
||||||
|
MmxzMlhxeWhqdHNVN0Q1czFlcm5vR0UKHZuB0sllhE3oFPwhQ/S8vgQoy5siszvj
|
||||||
|
vJ0eYAWtRh9CCwI1Mmzz7378Bsz1ukC06Q+ClqKRlvqT11y6djBGCg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1j2r8mypw44uvqhfs53424h6fu2rkr5m7asl7rl3zn3xzva9m3dcqpa97gw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyY2VjeUx1bzFuZzhTbkFZ
|
||||||
|
YnhWNE9hV0kraWV5SnVYaFZxRmlBTWNQSGc4CkRaUU90SXQxWk1oMk5KN3Rqd1Q1
|
||||||
|
NDA2empEbXdvU3dyRWpWSSsvM05mcFUKLS0tIENabFJkd2ZjUFR1M2E1R1RZblhO
|
||||||
|
N042ZUkyek1JR1p5aWo5YnMwMUhaZ3MKMYK57X47Orwb0/wO8L3wZOR2QHXcN+Yu
|
||||||
|
FoJugwYJVOw9r0aTnpSybCMLDoAMqd7FmzBKkgcpouMObqiVhosXrg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1jpeh4s553taxkyxhzlshzqjfrtvmmp5lw0hmpgn3mdnmgzku332qe082dl
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYZEMzQ0lydDR4YmJKczU1
|
||||||
|
UUVTTDlxRjZIWGFiVi81M2xCQVpvNFRIbkZVCnpiTGF2emVlb3g1YkluRWJHSEJL
|
||||||
|
NVhHcVgrNXdmajh4QUNudElWK2NMQ2cKLS0tIGlweFZhR2N2U1hrV2hpZ0F0dzRv
|
||||||
|
M0Q2ajg1aXM2UUJzVFRveXQ1MWJzWkEKHh+pa5qeVnBYFc5fAUSQVKYkcRn81/12
|
||||||
|
HiP5gBVEKZMt33ny8Pyrb8UtrLRe0UPBa2dhOlnq7v8ye48kgY+VFQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-16T09:43:39Z"
|
||||||
|
mac: ENC[AES256_GCM,data:OM1CJJ5GqOMw6jqV6HbL0+xvcmS1JFxq7Q+jCyVvAmC1+FGWBrC5LL4KgLT0BcDgf1QnkQ5EKjYLLQPuXQmZDUDB66M3KXryxoW1n3RfPziLDHSHtybevLlHZ2J+d0k/6Dmp7LkmGVUka/V2ZzFxKGXbwCuUU0clnLRMt47h388=,iv:VysReEM8UaKhrrXXWyUgEqqrrPyVdw4hKeoahSIaK/M=,tag:s2jG5ghsKPU28E1ZHown4Q==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -69,6 +69,9 @@ with config;
|
||||||
dnsutils
|
dnsutils
|
||||||
nix
|
nix
|
||||||
|
|
||||||
|
# nix dev
|
||||||
|
dnscontrol # for updating internal DNS servers with homelab services
|
||||||
|
|
||||||
# Sensors etc
|
# Sensors etc
|
||||||
lm_sensors
|
lm_sensors
|
||||||
cpufrequtils
|
cpufrequtils
|
||||||
|
|