valkyrie: Switch from AdGuard Home to blocky (DNS) + kea (DHCP)
parent
f555f54344
commit
c6f9bd3de1
3 changed files with 238 additions and 4 deletions
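--- /dev/null
+++ b/machines/valkyrie/blocky/default.nix
@@ -0,0 +1,59 @@
+{
+services = {
+blocky = {
+enable = true;
+settings = {
+ports = {
+dns = 53;
+http = 4000;
+};
+upstreams = {
+groups = {
+default = [ "127.0.0.1:5335" ];
+};
+};
+
+blocking = {
+blacklists = {
+ads = [
+"https://big.oisd.nl/domainswild"
+"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
+];
+};
+
+clientGroupsBlock = {
+default = [ "ads" ];
+};
+};
+
+customDNS = {
+mapping = {
+"ci.datarift.nl" = "10.0.0.251";
+"home.datarift.nl" = "10.0.0.251";
+"frigate.datarift.nl" = "10.0.0.251";
+"git.datarift.nl" = "10.0.0.203";
+"loki.datarift.nl" = "10.0.0.4";
+"minio.datarift.nl" = "10.0.0.251";
+"minio-admin.datarift.nl" = "10.0.0.251";
+"mqtt.datarift.nl" = "10.0.0.254";
+"nix-cache.datarift.nl" = "10.0.0.209";
+"saga.datarift.nl" = "10.0.0.251";
+"track.datarift.nl" = "10.0.0.254";
+"vaultserver.horus.nu" = "192.168.4.32";
+"vidz.datarift.nl" = "10.0.0.211";
+};
+};
+
+prometheus = {
+enable = true;
+};
+
+queryLog = {
+type = "csv";
+target = "/var/lib/blocky/querylog";
+logRetentionDays = 7;
+};
+};
+};
+};
+}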
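Review bot: `http = 4000;` under `ports` puts blocky's HTTP listener on every address, and that listener carries the unauthenticated REST API (blocking enable/disable, list refresh) alongside the Prometheus metrics enabled further down. Any host that can reach port 4000 could switch filtering off, so bind it to the address the scraper actually uses, for example `http = "127.0.0.1:4000";`, or confirm the port stays closed in the firewall, which is not visible in this file. The two `ads` sources are fetched from mutable URLs (one tracks `master`) and their contents are trusted as-is; a comment saying so would tell the next reader that a bad upstream list can black-hole arbitrary names. `queryLog` keeps seven days of per-client lookups under `/var/lib/blocky/querylog`, so the permissions on that directory deserve a line of documentation as well.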
|
@ -7,7 +7,8 @@
|
|||
../../users/root
|
||||
../../users/erwin
|
||||
|
||||
./adguard
|
||||
./kea
|
||||
./blocky
|
||||
./unbound
|
||||
];
|
||||
|
||||
|
@ -16,9 +17,9 @@
|
|||
enable = true;
|
||||
server = true;
|
||||
};
|
||||
adguard = {
|
||||
upstreams = [ "127.0.0.1:5335" ];
|
||||
};
|
||||
# adguard = {
|
||||
# upstreams = [ "127.0.0.1:5335" ];
|
||||
# };
|
||||
nix-common = {
|
||||
enable = true;
|
||||
remote-builders = true;
|
||||
|
|
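--- /dev/null
+++ b/machines/valkyrie/kea/default.nix
@@ -0,0 +1,174 @@
+{ config, ... }:
+{
+services = {
+kea = {
+dhcp4 = {
+enable = true;
+settings = {
+# rebind-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.875;
+# renew-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.5;
+calculate-tee-times = true; # This makes kea do the same calculation as above
+valid-lifetime = 3600;
+
+control-socket = {
+socket-type = "unix";
+socket-name = "/run/kea/kea-dhcp4.socket";
+};
+
+option-def = [
+{
+space = "ubnt";
+name = "unifi-address";
+code = 1;
+type = "ipv4-address";
+}
+];
+
+client-classes = [
+{
+name = "ubnt";
+test = "substring(option[60].hex,0,4) == 'ubnt'";
+option-data = [
+{
+space = "ubnt";
+name = "vendor-class-identifier";
+code = 60;
+data = "ubnt";
+}
+{
+name = "vendor-encapsulated-options";
+code = 43;
+}
+];
+option-def = [
+{
+name = "vendor-encapsulated-options";
+code = 43;
+type = "empty";
+encapsulate = "ubnt";
+}
+];
+}
+];
+
+interfaces-config = {
+interfaces = [ "eth0" ];
+};
+
+lease-database = {
+name = "/var/lib/kea/dhcp4.leases";
+persist = true;
+type = "memfile";
+};
+
+subnet4 = [
+{
+pools = [ { pool = "10.0.0.150 - 10.0.0.200"; } ];
+subnet = "10.0.0.0/24";
+option-data = [
+{
+name = "domain-name-servers";
+data = "10.0.0.206";
+}
+{
+space = "ubnt";
+name = "unifi-address";
+code = 1;
+data = "10.0.0.207";
+}
+];
+
+reservations = [
+{
+hostname = "loki";
+hw-address = "04:d9:f5:f9:c2:c5";
+ip-address = "10.0.0.4";
+}
+{
+hostname = "usw-mini-woonkamer";
+hw-address = "d0:21:f9:e7:fd:c8";
+ip-address = "10.0.0.20";
+}
+{
+hostname = "reolink-deurbel";
+hw-address = "ec:71:db:5a:e3:21";
+ip-address = "10.0.0.31";
+}
+{
+hostname = "shelly-schuur";
+hw-address = "dc:4f:22:76:4e:3e";
+ip-address = "10.0.0.40";
+}
+{
+hostname = "shelly-oven";
+hw-address = "c4:5b:be:49:fb:e7";
+ip-address = "10.0.0.41";
+}
+{
+hostname = "shelly-voordeur";
+hw-address = "dc:4f:22:76:9d:ee";
+ip-address = "10.0.0.42";
+}
+{
+hostname = "iphone-erwin";
+hw-address = "60:57:c8:0b:6b:ac";
+ip-address = "10.0.0.70";
+}
+{
+hostname = "ipad-erwin";
+hw-address = "14:99:e2:cb:38:78";
+ip-address = "10.0.0.71";
+}
+{
+hostname = "appletv-woonkamer";
+hw-address = "f0:b3:ec:52:23:51";
+ip-address = "10.0.0.80";
+}
+{
+hostname = "sonos-woonkamer";
+hw-address = "34:7e:5c:dc:f4:34";
+ip-address = "10.0.0.81";
+}
+{
+hostname = "smile033188";
+hw-address = "c4:93:00:03:31:89";
+ip-address = "10.0.0.82";
+}
+{
+hostname = "sonos-hobbykamer";
+hw-address = "00:0e:58:5f:a9:06";
+ip-address = "10.0.0.83";
+}
+{
+hostname = "3dprinter-wlan";
+hw-address = "b8:27:eb:51:ec:4e";
+ip-address = "10.0.0.120";
+}
+{
+hostname = "3dprinter";
+hw-address = "b8:27:eb:04:b9:1b";
+ip-address = "10.0.0.121";
+}
+{
+hostname = "thor";
+hw-address = "d8:3a:dd:17:9b:d0";
+ip-address = "10.0.0.122";
+}
+{
+hostname = "thor-wlan";
+hw-address = "d8:3a:dd:17:9b:d1";
+ip-address = "10.0.0.123";
+}
+];
+}
+];
+};
+};
+};
+
+prometheus.exporters.kea = {
+enable = true;
+controlSocketPaths = [ config.services.kea.dhcp4.settings.control-socket.socket-name ];
+};
+};
+}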
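Review bot: The `control-socket` at `/run/kea/kea-dhcp4.socket` is Kea's unauthenticated management channel, and `prometheus.exporters.kea` is pointed at it through `controlSocketPaths`, so whoever can open that socket can read and change leases and configuration, not only scrape statistics. Access is decided solely by the socket's filesystem permissions, which are set outside this file; I would add a comment above `control-socket` such as `# management channel: access is by file permission only, keep /run/kea restricted to kea and the exporter`. In the `ubnt` class, the `option-data` entry `name = "vendor-class-identifier"; code = 60;` is declared with `space = "ubnt"`, while the only definition visible in that space is `unifi-address` (code 1), so it looks misplaced and is worth checking with the server's configuration test. The `reservations` key on `hw-address` alone, which a client can set freely, so the fixed addresses should not be treated as device identity in firewall rules.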