diff options
author | Karel Kočí <cynerd@email.cz> | 2024-03-24 19:05:39 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2024-03-24 19:05:39 +0100 |
commit | e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe (patch) | |
tree | 55422d1fc9370dc331fa63125a2df5597310c452 /nixos/modules/router.nix | |
parent | 6c16e4133582def100c39b17369e46906a6d3337 (diff) | |
download | nixos-personal-e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe.tar.gz nixos-personal-e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe.tar.bz2 nixos-personal-e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe.zip |
Add wireguard and more updates
Diffstat (limited to 'nixos/modules/router.nix')
-rw-r--r-- | nixos/modules/router.nix | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index ed634b1..3002d9b 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -54,10 +54,9 @@ in { firewall = { logRefusedConnections = false; interfaces = { - "home" = {allowedUDPPorts = [67 68];}; - "guest" = {allowedUDPPorts = [67 68];}; + "home" = {allowedUDPPorts = [53 67 68];}; + "guest" = {allowedUDPPorts = [53 67 68];}; }; - rejectPackets = true; filterForward = true; }; nat = { @@ -119,7 +118,7 @@ in { PoolOffset = cnf.dynIPStart; PoolSize = cnf.dynIPCount; EmitDNS = "yes"; - DNS = "1.1.1.1"; + DNS = "${cnf.lanIP}"; }; dhcpServerStaticLeases = mapAttrsToList (n: v: { @@ -150,7 +149,7 @@ in { PoolOffset = cnf.dynIPStart; PoolSize = cnf.dynIPCount; EmitDNS = "yes"; - DNS = "1.1.1.1"; + DNS = "192.168.1.1"; }; dhcpPrefixDelegationConfig = { UplinkInterface = cnf.wan; @@ -166,6 +165,10 @@ in { enable = true; dnssec = "true"; fallbackDns = ["1.1.1.1" "8.8.8.8"]; + extraConfig = '' + DNSStubListenerExtra=${cnf.lanIP} + DNSStubListenerExtra=192.168.1.1 + ''; }; }; } |