2024-12-07 12:53:31 +01:00
3 changed files with 12 additions and 8 deletions
--- a/machines/dns01/_configuration.nix
+++ b/machines/dns01/_configuration.nix
@ -13,6 +13,13 @@ lib.extra.mkConfig {
  extraConfig = {
    # TODO : retrieve this address from meta/network.nix
    deployment.targetHost = "45.13.104.26";
+    networking.firewall = {
+      enable = true;
+      logRefusedConnections = lib.mkForce true;
+      logRefusedPackets = lib.mkForce true;
+      allowedTCPPorts = [ 53 ];
+      allowedUDPPorts = [ 53 ];
+    };
  };

  root = ./.;
--- a/machines/dns01/lab.dgnum.eu.nix
+++ b/machines/dns01/lab.dgnum.eu.nix
@ -7,7 +7,7 @@ in
 with dns.lib.combinators;
 {
  SOA = {
-    nameServer = "dns01.lab.dgnum.eu";
+    nameServer = "ns01.lab.dgnum.eu";
    adminEmail = "dns@dgnum.eu";
    serial = 2019030800;
    retry = 3600;
@ -15,7 +15,7 @@ with dns.lib.combinators;
  };

  NS = [
-    "dns01.lab.dgnum.eu."
+    "ns01.lab.dgnum.eu."
  ];

  #A = [ "203.0.113.1" ];
@ -28,7 +28,7 @@ with dns.lib.combinators;
    immich = host "129.199.146.101" null;

    # Nameservers
-    dns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";
+    ns01 = host "45.13.104.26" "2a0e:e701:1120:1000:ffff::45.13.104.26";

    # *.infra.beta.dgnum.eu
    infra = {
--- a/machines/dns01/nsd.nix
+++ b/machines/dns01/nsd.nix
@ -6,6 +6,8 @@ in
 {
  services.nsd = {
    enable = true;
+    verbosity = 1000;
+    interfaces = [ "2a0e:e701:1120:1000:ffff::45.13.104.26" ];
    zones = {
      "lab.dgnum.eu" = {
        # provideXFR = [ ... ];
@ -14,9 +16,4 @@ in
      };
    };
  };
-  networking = {
-    firewall = {
-      allowedUDPPorts = [ 53 ];
-    };
-  };
 }