about summary refs log tree commit diff
path: root/hosts/carmel/services.nix
blob: 4c17fd86d0c87d47096accc6ea751c10e432d23a (plain) (blame) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

{ config, pkgs, ... }: {
  my.services = {
    monitoring = {
      node-exporter.enable = true;
      promtail.enable = true;
    };

    avahi = {
      enable = true;
      withReflector = true;
      interfaces = [ "mgmt0" "iot" ];
    };
  };

  services.dnsmasq = {
    enable = true;
    resolveLocalQueries = true;
    extraConfig = ''
      log-dhcp

      bind-interfaces

      server=8.8.8.8
      server=4.4.4.4
      cache-size=1000

      domain-needed
      domain=home
      local=/home/
      no-resolv

      dhcp-script=${pkgs.tools.dnsmasq-to-html}/bin/dnsmasq-leases-html
      script-on-renewal

      dhcp-authoritative

      interface=mgmt0
      dhcp-range=set:mgmt0,192.168.0.100,192.168.0.199,30m
      dhcp-option=tag:mgmt0,option:router,192.168.0.1

      interface=iot
      dhcp-range=set:iot,192.168.10.100,192.168.10.199,30m
      dhcp-option=tag:iot,option:router,192.168.10.1

      interface=guest
      dhcp-range=set:guest,192.168.20.100,192.168.20.199,30m
      dhcp-option=tag:guest,option:router,192.168.20.1

      dhcp-option=option:dns-server,192.168.0.1,8.8.8.8

      dhcp-host=b4:fb:e4:81:4f:0f,ap-media-room,192.168.0.30,infinite
      dhcp-host=74:83:c2:12:67:2d,ap-living-room,192.168.0.31,infinite
      dhcp-host=b4:fb:e4:81:52:6c,ap-office,192.168.0.32,infinite
      dhcp-host=b4:fb:e4:b2:bd:b8,switch-garage,192.168.0.33,infinite
      dhcp-host=fc:ec:da:78:d8:92,switch-media-room,192.168.0.34,infinite
      dhcp-host=b4:fb:e4:8f:69:0e,switch-office,192.168.0.35,infinite
      dhcp-host=d8:bb:c1:44:1c:d3,tahoe,192.168.0.40,infinite
    '';
  };

  # dnsmasq needs the interfaces to be online
  # https://serverfault.com/a/907603
  systemd.services.dnsmasq = {
    after = [ "network-online.target" "network.target" ];
    wants = [ "network-online.target" ];
  };

  # DNS / DHCPv4 / DHCPv6
  networking.firewall.allowedUDPPorts = [ 53 67 547 ];

  services.prometheus.exporters.dnsmasq = {
    enable = true;
    leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
  };

  services.nginx = {
    virtualHosts."dnsmasq" = {
      listen = [
        {
          addr = "192.168.6.1";
          port = 8067;
        }
      ];
      locations."/" = {
        root = "/var/lib/dnsmasq";
        index = "leases.html";
      };
    };

    streamConfig = ''
      server {
        listen 443;
        proxy_timeout 2s;
        proxy_pass 192.168.0.40:443;
      }

      server {
        listen 80 reuseport;
        proxy_timeout 2s;
        proxy_pass 192.168.0.40:80;
      }
    '';
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-26 16:35:10 +0000