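{ config, lib, ... }:
let
  cfg = config.cloonar-assistant;
  prefix = cfg.networkPrefix;

  # VLAN interfaces that get both DNS and DHCP from dnsmasq.
  # dnsmasq tags every request with the name of the interface it arrived on;
  # the `tag:<iface>` selectors in dhcp-option below rely on that, so these
  # names must match the real interface names.
  dnsInterfaces = [ "lan" "server" "infrastructure" "multimedia" "smart" ];

  # Guest VLAN: leases advertise an external resolver and the firewall does
  # not open port 53 on this interface, so the "DNS isolation" is enforced
  # rather than only suggested to clients (a client may ignore the DHCP
  # dns-server option, but it cannot reach the resolver through a closed port).
  dhcpOnlyInterfaces = [ "guest" ];

  allInterfaces = dnsInterfaces ++ dhcpOnlyInterfaces;

  # Standard option set for an internal VLAN on <prefix>.<octet>.0/24 where
  # the firewall is the .1 address and also the VLAN's resolver.
  vlanOptions = tag: octet: [
    "tag:${tag},option:router,${prefix}.${octet}.1"
    "tag:${tag},option:dns-server,${prefix}.${octet}.1"
    "tag:${tag},option:domain-name,${cfg.domain}"
  ];
in
{
  # Disable systemd-resolved (same as current unbound.nix)
  services.resolved.enable = false;

  # Main dnsmasq service with preserved conditional enablement
  services.dnsmasq = lib.mkIf cfg.firewall.enable {
    enable = true;
    resolveLocalQueries = false; # We handle DNS manually

    settings = {
      # Interface binding
      interface = allInterfaces;

      # DHCP ranges per VLAN; dnsmasq selects the range whose subnet matches
      # the address of the interface a request arrived on.
      dhcp-range = [
        "${prefix}.96.100,${prefix}.96.240,24h"
        "${prefix}.97.100,${prefix}.97.240,24h"
        "${prefix}.101.100,${prefix}.101.240,24h"
        "${prefix}.99.100,${prefix}.99.240,24h"
        "${prefix}.100.100,${prefix}.100.240,24h"
        "${prefix}.254.10,${prefix}.254.254,24h"
      ];

      # DHCP options with VLAN tagging
      dhcp-option =
        vlanOptions "lan" "96" # LAN VLAN (.96)
        ++ vlanOptions "server" "97" # Server VLAN (.97)
        ++ vlanOptions "infrastructure" "101" # Infrastructure VLAN (.101)
        ++ [ "tag:infrastructure,138,${prefix}.97.2" ] # CAPWAP controller
        ++ vlanOptions "multimedia" "99" # Multimedia VLAN (.99)
        ++ vlanOptions "smart" "100" # Smart VLAN (.100)
        ++ [
          # Guest VLAN (.254) - DNS isolation: no internal resolver advertised
          "tag:guest,option:router,${prefix}.254.1"
          "tag:guest,option:dns-server,9.9.9.9" # External DNS only
        ];

      # Static DNS records (answered locally, never forwarded upstream)
      address = [
        "/fw.${cfg.domain}/${prefix}.97.1"
        "/fw/${prefix}.97.1"
        "/home-assistant.${cfg.domain}/${prefix}.97.20"
        "/mopidy.${cfg.domain}/${prefix}.97.21"
        "/snapcast.${cfg.domain}/${prefix}.97.21"
        "/localhost/127.0.0.1"
        "/localhost.${cfg.domain}/127.0.0.1"
      ];

      # Domain configuration
      # NOTE(review): `domain=` alone does not stop queries for other names under
      # this domain from being forwarded to the upstream servers; if the domain
      # is purely internal, `local = [ "/${cfg.domain}/" ]` would keep them
      # on-box — confirm no public names live under it before adding that.
      domain = cfg.domain;
      expand-hosts = true;

      # Upstream DNS servers (plain DNS, no DoT support in dnsmasq)
      # NOTE(review): 9.9.9.9 is documented as paired with 149.112.112.112;
      # 149.112.112.11 is the ECS-enabled Quad9 service — confirm the mix is
      # intended.
      server = [
        "9.9.9.9"
        "149.112.112.11"
      ];
      # Without this dnsmasq also reads upstreams from /etc/resolv.conf, so the
      # servers above would not be the only ones queried.
      no-resolv = true;

      # Performance and security
      cache-size = 1000;
      neg-ttl = 60;
      domain-needed = true; # Don't forward plain names
      bogus-priv = true; # Don't forward RFC1918 reverse lookups
      # Only bind to specified interfaces. If the VLAN interfaces can appear
      # after dnsmasq starts, `bind-dynamic` is the usual alternative — confirm
      # against the interface setup.
      bind-interfaces = true;
      # Consider `stop-dns-rebind = true` (with `rebind-localhost-ok`) so
      # upstream answers carrying RFC1918 addresses are rejected; left out here
      # because it would break any split-horizon names resolved upstream.
    };
  };

  # Firewall configuration.
  # UDP 53 was previously opened on every interface. dnsmasq only binds to the
  # interfaces listed above, so DNS is scoped to those (keeping the guest VLAN
  # DHCP-only). TCP 53 is added because resolvers retry over TCP for truncated
  # answers, and UDP 67 because the DHCP server answers there. 5353 stays
  # global as before; its consumer is not visible in this file — confirm.
  networking.firewall = {
    allowedUDPPorts = [ 5353 ];
    interfaces = lib.genAttrs allInterfaces (iface:
      let
        servesDns = builtins.elem iface dnsInterfaces;
      in
      {
        allowedUDPPorts = [ 67 ] ++ lib.optional servesDns 53;
        allowedTCPPorts = lib.optional servesDns 53;
      });
  };
}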