From 911fa95dd12840bd735dcdba9313fe3892749eca Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 12:38:24 +0100 Subject: [PATCH] falkenstein: disable zram and add own dns config --- README.md | 1 - hosts/falkenstein/default.nix | 2 +- hosts/falkenstein/modules/dns/default.nix | 70 +++++++++++++++++++++++ 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 hosts/falkenstein/modules/dns/default.nix diff --git a/README.md b/README.md index 0ddc915..f3ff301 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ sda ├─sda1 / ├─sda14 # BIOS boot └─sda15 /boot/efi # EFI stuff -zram0 [SWAP] ``` ### vm diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index b84a17a..60cacca 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -5,6 +5,7 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ./modules/backup + ./modules/dns ./modules/fail2ban ./modules/mail ./modules/networks @@ -27,7 +28,6 @@ initrd.systemd.enable = true; kernelPackages = pkgs.linuxPackages_latest; }; - zramSwap.enable = true; time.timeZone = "Europe/Berlin"; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix new file mode 100644 index 0000000..e50a718 --- /dev/null +++ b/hosts/falkenstein/modules/dns/default.nix 
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+{
+ services.bind = {
+ enable = true;
+ zones = {
+ "rfive.de" = {
+ master = true;
+ slaves = [
+ "192.174.68.104"
+ "176.97.158.104"
+ "185.181.104.96"
+ ];
+ extraConfig = ''
+ also-notify {185.181.104.96;};
+ '';
+ file = pkgs.writeText "rfive.de_zone.txt" ''
+ $TTL 3600
+
+ rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030827 10800 3600 604800 3600
+ @ 3600 IN NS ns.rfive.de.
+ @ 3600 IN NS ns.inwx.de.
+ @ 3600 IN NS ns2.inwx.de.
+
+ ns.rfive.de. 3600 IN A 23.88.121.184
+ ns.rfive.de. 3600 IN AAAA 2a01:4f8:c012:49de::1
+
+ @ IN A 23.88.121.184
+ @ IN AAAA 2a01:4f8:c012:49de::1
+ @ IN CAA 0 iodef "mailto:ca@rfive.de"
+ @ IN CAA 0 issue "letsencrypt.org"
+ @ IN CAA 0 issuewild ";"
+
+ nuc 3600 IN A 141.30.227.6
+
+ falkenstein IN A 23.88.121.184
+ falkenstein IN AAAA 2a01:4f8:c012:49de::1
+ falkenstein IN SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F
+ falkenstein IN SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990
+ falkenstein IN SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A
+ falkenstein IN SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2
+
+ @ IN MX 1 mail.rfive.de.
+ mail IN A 23.88.121.184
+ mail IN AAAA 2a01:4f8:c012:49de::1
+
+ @ IN TXT "v=spf1 mx ~all"
+ rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
+ _dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
+
+ auth IN CNAME nuc.rfive.de.
+ test IN CNAME nuc.rfive.de.
+ cache IN CNAME nuc.rfive.de.
+ chat IN CNAME nuc.rfive.de.
+ images.trucksimulatorbot IN CNAME falkenstein.rfive.de.
+ matrix IN CNAME nuc.rfive.de.
+ purge IN CNAME falkenstein.rfive.de.
+ rspamd IN CNAME falkenstein.rfive.de.
+ seafile IN CNAME nuc.rfive.de.
+ trucksimulatorbot IN CNAME falkenstein.rfive.de.
+ uptime IN CNAME nuc.rfive.de.
+ vault IN CNAME nuc.rfive.de.
+
+ _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c"
+ '';
+ };
+ };
+ };
+ networking.firewall.allowedUDPPorts = [ 53 ];
+ networking.firewall.allowedTCPPorts = [ 53 ];
+}
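Review bot: The `_dmarc` record publishes `p=none`, so receivers are only asked to report, not to quarantine or reject, mail that fails SPF/DKIM alignment for rfive.de, and the SPF record ends in the soft `~all`. Once the `rua` reports show legitimate mail passing, tighten it to `_dmarc IN TXT "v=DMARC1; p=quarantine; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"`. The `rspamd._domainkey` value looks like a 1024-bit RSA key judging by its length; RFC 8301 recommends at least 2048 bits for signing keys, so a rotated key would be worth publishing here. Separately, the `falkenstein` SSHFP records are only trusted by SSH clients when the answer is DNSSEC-validated, and nothing in this hunk configures signing for the zone.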