summaryrefslogtreecommitdiffstats
path: root/makefu/2configs/lanparty/lancache-dns.nix
blob: f03fe8773a63f3fbf9a6a8bab6cc339a115cf646 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
{ pkgs, lib, config, ... }:
with import <stockholm/lib>;
let
  # see https://github.com/zeropingheroes/lancache for full docs
  lancache-dns = pkgs.stdenv.mkDerivation rec {
    name = "lancache-dns-2017-06-28";
    src = pkgs.fetchFromGitHub {
      # forked: https://github.com/zeropingheroes/lancache-dns
      repo = "lancache-dns";
      owner = "zeropingheroes";
      rev = "420aa62";
      sha256 = "0ik7by7ripdv2avyy5kk9jp1i7rz9ksc8xmg7n9iik365q9pv94m";
    };
    phases = [ "unpackPhase" "installPhase" ];
    # here we can chance to edit `includes/proxy-cache-paths.conf`
    installPhase = ''
      mkdir -p $out
      cp -r * $out/
    '';
  };
  stateDir = "/var/lib/unbound";
  user = "unbound";
  upstream-server = "8.8.8.8";
  local_ip = "192.168.1.10";
  extra-config = pkgs.writeText "local.conf" ''
    server:
    local-data: "piratebox. A ${local-ip}"
    local-data: "store. A ${local-ip}"
    local-data: "share. A ${local-ip}"
  '';
in {
  services.unbound = {
    enable = true;
    allowedAccess = [ "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" ];
    interfaces = ["0.0.0.0" "::" ];
    forwardAddresses = [ upstream-server ];
    extraConfig = ''
      include: "${stateDir}/lancache/*.conf"
      include: "${extra-config}"
    '';
  };
  services.dnscrypt-proxy.enable = lib.mkForce false;
  virtualisation.libvirtd.enable = lib.mkForce false;
  systemd.services.dns-lancache-prepare = {
      wantedBy = [ "unbound.service" ];
      before = [ "unbound.service" ];
      after = [ "network-online.target" ];
      partOf= [ "unbound.service" ];

      path = [ pkgs.gawk pkgs.iproute pkgs.gnused ];
      script = ''
        set -xeu
        # current_ip=$(ip route get 8.8.8.8 | awk '/8.8.8.8/ {print $NF}')
        current_ip=${local_ip}
        old_ip=10.1.1.250
        mkdir -p ${stateDir}
        rm -rvf ${stateDir}/lancache
        cp -r ${lancache-dns}/upstreams-available ${stateDir}/lancache
        sed -i "s/$old_ip/$current_ip/g" ${stateDir}/lancache/*.conf
        chown -R unbound ${stateDir}
        '';
    };
  networking.firewall.allowedUDPPorts = [ 53 ];
}