From 3f67794ffafd3dc095d2d412ebbd9497eeaa971a Mon Sep 17 00:00:00 2001
From: Constantin Gierczak--Galle
Date: Sat, 7 Dec 2024 12:52:17 +0100
Subject: [PATCH] fix(dns01): open ports and bind to interface
---
 machines/dns01/_configuration.nix | 7 +++++++
 machines/dns01/lab.dgnum.eu.nix | 6 +++---
 machines/dns01/nsd.nix | 7 ++-----
 3 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/machines/dns01/_configuration.nix b/machines/dns01/_configuration.nix
index 0a3c5f5..2c5066d 100644
--- a/machines/dns01/_configuration.nix
+++ b/machines/dns01/_configuration.nix
@@ -13,6 +13,13 @@ lib.extra.mkConfig {
 extraConfig = {
 # TODO : retrieve this address from meta/network.nix
 deployment.targetHost = "45.13.104.26";
+ networking.firewall = {
+ enable = true;
+ logRefusedConnections = lib.mkForce true;
+ logRefusedPackets = lib.mkForce true;
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [ 53 ];
+ };
 };
 root = ./.;
diff --git a/machines/dns01/lab.dgnum.eu.nix b/machines/dns01/lab.dgnum.eu.nix
index ddd7d8f..2ba4aec 100644
--- a/machines/dns01/lab.dgnum.eu.nix
+++ b/machines/dns01/lab.dgnum.eu.nix
@@ -7,7 +7,7 @@ in
 with dns.lib.combinators;
 {
 SOA = {
- nameServer = "dns01.lab.dgnum.eu";
+ nameServer = "ns01.lab.dgnum.eu";
 adminEmail = "dns@dgnum.eu";
 serial = 2019030800;
 retry = 3600;
@@ -15,7 +15,7 @@ with dns.lib.combinators;
 };
 NS = [
- "dns01.lab.dgnum.eu."
+ "ns01.lab.dgnum.eu."
 ];
 #A = [ "203.0.113.1" ];
@@ -28,7 +28,7 @@ with dns.lib.combinators;
 immich = host "129.199.146.101" null;
 # Nameservers
- dns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
+ ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
 # *.infra.beta.dgnum.eu
 infra = {
diff --git a/machines/dns01/nsd.nix b/machines/dns01/nsd.nix
index 3bd7752..4ec0a00 100644
--- a/machines/dns01/nsd.nix
+++ b/machines/dns01/nsd.nix
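Review bot: In machines/dns01/_configuration.nix, `logRefusedPackets = lib.mkForce true;` forces per-packet refusal logging on a host that is reachable from the internet on port 53, so the log volume is set by whoever sends traffic to it and can crowd out the entries that matter or fill the journal. `lib.mkForce` also overrides whatever value the shared configuration sets, which is presumably there on purpose. If this is only needed while debugging reachability, I would keep `logRefusedConnections` and either drop the packet-level line or mark it as temporary with a comment such as `# temporary: remove once dns01 answers on 53`. The `extraConfig` block starts above the hunk and closes inside it.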
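Review bot: In machines/dns01/lab.dgnum.eu.nix the SOA `serial = 2019030800;` is left unchanged in the first hunk although the zone content changes there and in the two following hunks (SOA nameServer, the NS entry and the `ns01` host record). Any secondary or monitoring that compares serials will treat the zone as unchanged and keep the old `dns01` name; `provideXFR` is commented out in nsd.nix, so this may not matter today, but it will once transfers are enabled. I would bump it in the same commit, for example with a date-based value such as `serial = 2024120700;`. The rename also only resolves if the parent zone's delegation and glue for lab.dgnum.eu name `ns01`, which this diff cannot show.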
@@ -6,6 +6,8 @@ in
 {
 services.nsd = {
 enable = true;
+ verbosity = 1000;
+ interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];
 zones = {
 "lab.dgnum.eu" = {
 # provideXFR = [ ... ];
@@ -14,9 +16,4 @@ in
 };
 };
 };
- networking = {
- firewall = {
- allowedUDPPorts = [ 53 ];
- };
- };
 }
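Review bot: In machines/dns01/nsd.nix, `interfaces` lists only the IPv6 address, while the zone publishes `45.13.104.26` as the A record for `ns01` and the firewall hunk opens port 53 without restricting the address family. Unless something in front of the host translates that IPv4 address to the listed IPv6 one (the `ffff::45.13.104.26` suffix suggests such a mapping, but the diff does not show it), resolvers that query over IPv4 get no answer; a short comment above the line saying why the bind is IPv6-only would settle it, or the list should carry both addresses. Separately, `verbosity = 1000;` reads like a debugging leftover: on a public authoritative server I would lower it and say so, e.g. `verbosity = 1;  # raise only while debugging`. The `services.nsd` block continues past the hunk.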