From 3ea51364e2d02cb09c9e4796bda96deb3aa254a6 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Thu, 7 Dec 2023 08:40:11 +0100
Subject: [PATCH 1/2] add resolved
---
 hosts/fw.cloonar.com/modules/networking.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/hosts/fw.cloonar.com/modules/networking.nix b/hosts/fw.cloonar.com/modules/networking.nix
index a5591b7..e4b7988 100644
--- a/hosts/fw.cloonar.com/modules/networking.nix
+++ b/hosts/fw.cloonar.com/modules/networking.nix
@@ -20,6 +20,16 @@
 };
 };
+ services.resolved = {
+ enable = true;
+ # dnssec = "true";
+ domains = [ "~." ];
+ fallbackDns = [ "10.42.97.10" ];
+ # extraConfig = ''
+ # DNSOverTLS=yes
+ # '';
+ };
+
 networking = {
 useDHCP = false;
 # Define VLANS
From 40fb010825576d0ca2493e3c53cd2af280f06b56 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Thu, 7 Dec 2023 08:40:51 +0100
Subject: [PATCH 2/2] add firewall for resolved
---
 hosts/fw.cloonar.com/modules/firewall.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix
index c152a21..a54f42f 100644
--- a/hosts/fw.cloonar.com/modules/firewall.nix
+++ b/hosts/fw.cloonar.com/modules/firewall.nix
@@ -136,11 +136,12 @@
 "lan",
 "server",
 "vserver",
+ "podman1",
 "infrastructure",
 "wg_cloonar",
 "smart",
 "multimedia"
- } udp dport { 67, 68 } counter accept
+ } udp dport { 53, 67, 68 } counter accept
 # Accept mDNS for avahi reflection
 # iifname "multimedia" ip saddr tcp dport { llmnr } counter accept
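Review bot: The resolver is enabled with `# dnssec = "true";` and the `DNSOverTLS=yes` block commented out, so validation is left to whatever the module default is and upstream queries presumably go out in plaintext. On a firewall host the choice should be explicit, for example `dnssec = "allow-downgrade";`, or a comment should record why validation is disabled. Separately, systemd-resolved consults `fallbackDns` only when no other DNS server is known, so if 10.42.97.10 is meant to be the regular upstream for the `~.` routing domain it likely belongs in `networking.nameservers`, which this hunk does not show.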
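Review bot: The widened rule `udp dport { 53, 67, 68 }` accepts DNS over UDP only and ties it to the DHCP accept, so every interface in the set, including the newly added `podman1`, gets both services whether or not it needs them. Clients retry over TCP when a UDP answer is truncated, so if the firewall is meant to serve DNS a separate rule such as `iifname { ... } meta l4proto { tcp, udp } th dport 53 counter accept`, with its own comment and interface list, would cover that case and keep DNS and DHCP exposure independently auditable. systemd-resolved's stub listener binds to loopback by default, so unless another listener is configured outside this diff nothing will answer on these interfaces and the port is opened for no benefit. The rule's opening lines lie outside the hunk.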