Server/dns: enable and configure dnsmasq

2023-12-09 17:59:44 +01:00 · 2023-12-09 17:59:44 +01:00 · 486d719d52
commit 486d719d52
parent dc3a37fd98
2 changed files with 41 additions and 0 deletions
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@ -15,5 +15,6 @@
 		./tailscale.nix
 		./traefik.nix
 		./minecraft.nix
+		./dns.nix
 	];
 }
--- a/roles/server/dns.nix
+++ b/roles/server/dns.nix
@ -0,0 +1,40 @@
+{ ... }:
+
+{
+  services.dnsmasq = {
+    enable = true;
+    
+    # Only using this for tailscale IPs, so better to let tailscale itself deal with it
+    resolveLocalQueries = false;
+    
+    settings = {
+      listen-address = [ "100.73.96.48" ];
+      
+      /*
+      Dnsmasq tries to use the tailscale dns server, which is bad cause that points to dnsmasq
+      From the little testing I have done it seems to not cause any issues, but better to be safe
+      than sorry :P
+      */
+      dns-loop-detect = true;
+      ## IPv6 is not a thing in Spain so I'm guaranteed to not use it
+      filter-AAAA = true;
+      expand-hosts = true;
+      domain = "sable-pancake.ts.net";
+      domain-needed = true;
+    };
+  };
+
+  # Add tailscale hosts
+  networking.hosts = {
+    "100.73.96.48" = [ "everest" ];
+    "100.113.139.93" = [ "archie" ];
+    "100.85.48.85" = [ "steamdeck" ];
+    "100.96.92.13" = [ "surfecego" ];
+  };
+
+  # Dnsmasq conflicts with the resolved dns stub listener
+  services.resolved.extraConfig = ''
+    [Resolve]
+    DNSStubListener=no
+  '';
+}