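# NixOS module: dnsmasq as DNS forwarder, authoritative server for
# home.ctu.cx and DHCP/RA server, plus an nginx virtual host that serves a
# lease-overview CGI through fcgiwrap.
{ config, pkgs, ... }:

{
  # Records for the `home` label in the ctu.cx zone: an NS record pointing at
  # home.ctu.cx. together with the A/AAAA addresses of that name.
  dns.zones."ctu.cx".subdomains = with pkgs.dns.lib.combinators; {
    home.NS = [ "home.ctu.cx." ];
    home.A = [ (a "195.39.246.42") ];
    home.AAAA = [ "2a0f:4ac0:acab::1" ];
  };

  # Trigger the notification unit when dnsmasq fails; %i is expanded by
  # systemd. The email-notify@ template is defined outside this file.
  systemd.services.dnsmasq.onFailure = [ "email-notify@%i.service" ];

  services = {
    # systemd-resolved is switched off; dnsmasq is the resolver configured here.
    resolved.enable = false;

    dnsmasq = {
      enable = true;

      settings = {
        # NOTE(review): the dnsmasq man page says local-service only takes
        # effect when no interface/listen-address/auth-server option is
        # given. auth-server is set below, so do not rely on this flag to
        # keep the recursive resolver closed to outside hosts; confirm
        # that recursion on port 53 is limited to the local prefixes.
        local-service = true;
        no-resolv = true; # upstreams come only from `server` below
        no-hosts = true; # /etc/hosts is not served
        domain-needed = true; # names without a dot are never forwarded
        bogus-priv = true; # private-range reverse lookups are not forwarded

        enable-ra = true;
        quiet-ra = true;

        # Upstream resolvers, queried over plain DNS.
        server = [
          "1.1.1.1"
          "1.0.0.1"
          "8.8.8.8"
          "8.8.4.4"
        ];

        # home.ctu.cx is answered from local data and never forwarded.
        local = "/home.ctu.cx/";
        domain = "home.ctu.cx";

        # Authoritative mode for home.ctu.cx on the public addresses.
        # NOTE(review): auth-zone lists 10.0.0.1/24, so names whose addresses
        # fall in that private range are presumably answered authoritatively
        # to outside queriers as well; confirm that publishing internal
        # host names and addresses is intended.
        auth-ttl = 600;
        auth-server = "home.ctu.cx, 195.39.246.42, 2a0f:4ac0:acab::1";
        auth-zone = "home.ctu.cx, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64";

        host-record = [
          "home.ctu.cx, 195.39.246.42, 2a0f:4ac0:acab::1"
        ];

        cname = [
          "briefkasten.home.ctu.cx, home.ctu.cx"
          "dnsmasq.home.ctu.cx, home.ctu.cx"
        ];

        address = [
          "/briefkasten/10.0.0.1"
          "/ads1700w/10.0.0.10"
          "/scanner/10.0.0.10"
        ];

        dhcp-authoritative = true;
        dhcp-rapid-commit = true;
        dhcp-sequential-ip = true;

        # Ranges are selected by the `private` / `public` tags; the `public`
        # range is static-only, so it serves just the dhcp-host entries below.
        dhcp-range = [
          "private, 10.0.0.100, 10.0.0.200, 255.255.255.0, 48h"
          "public, 195.39.246.34, static, 255.255.255.240, 195.39.246.47, 48h"
          " 2a0f:4ac0:acab::100, 2a0f:4ac0:acab::01ff, ra-names,slaac, 64, 48h"
        ];

        dhcp-option = [
          "option6:information-refresh-time, 6h"
          "option6:dns-server, [2a0f:4ac0:acab::1]"
          "private, option:router, 10.0.0.1"
          "private, option:dns-server, 10.0.0.1"
          "public, option:router, 195.39.246.42"
          "public, option:dns-server, 195.39.246.42"
        ];

        # Static leases. Every value must be a single line: each entry becomes
        # one dhcp-host line in the generated dnsmasq configuration, so the
        # line break that split the `coladose` IPv6 entry has been removed.
        dhcp-host = [
          "48:a9:8a:8e:dd:0b, accesspoint, 10.0.0.2"
          "5c:f3:70:b9:35:9c, ctux-ads1700w, 10.0.0.10"
          "34:31:c4:46:88:31, pbx, 10.0.0.20"
          "id:bc:6e:e2:03:99:40, nadia-work, [2a0f:4ac0:acab::37]"
          "bc:6e:e2:03:99:40, nadia-work, 195.39.246.37"
          "id:1c:57:dc:40:dc:b2, blechkasten, [2a0f:4ac0:acab::43]"
          "1c:57:dc:40:dc:b2, blechkasten, 195.39.246.43"
          "id:00:e0:4c:02:13:75, desktop, [2a0f:4ac0:acab::44]"
          "00:e0:4c:02:13:75, desktop, 195.39.246.44"
          "id:f4:3b:d8:cb:7c:49, coladose, [2a0f:4ac0:acab::45]"
          "f4:3b:d8:cb:7c:49, coladose, 195.39.246.45"
        ];
      };
    };

    # The CGI runs as the dnsmasq user and group (it is pointed at the lease
    # file under /var/lib/dnsmasq below); the socket is owned by nginx.
    # NOTE(review): this gives the web-facing script the same account as the
    # DNS/DHCP daemon; confirm read-only access via a dedicated user is not
    # sufficient.
    fcgiwrap.instances.dnsmasq = {
      process.user = "dnsmasq";
      process.group = "dnsmasq";
      socket.user = "nginx";
      socket.group = "nginx";
    };

    nginx = {
      enable = true;

      virtualHosts."dnsmasq.home.ctu.cx" = {
        enableACME = true;
        forceSSL = true;
        kTLS = true;

        locations = {
          # NOTE(review): MIKROTIK_PASSWORD is a plaintext credential committed
          # with this file. As part of extraConfig it is also written into the
          # generated nginx configuration in the Nix store, which is
          # world-readable on the host. Rotate it and supply it from a
          # root-owned file outside the store (for example an nginx `include`
          # of a runtime secrets file) instead of an inline literal.
          #
          # NOTE(review): MIKROTIK_HOST is an http:// URL; if the overview
          # script authenticates to that host with these values, they cross
          # the LAN unencrypted. Confirm.
          #
          # NOTE(review): no allow/deny or authentication directive is visible
          # for this location, while dnsmasq.home.ctu.cx is a CNAME to
          # home.ctu.cx, whose host-record carries the public address. Confirm
          # that access to the lease overview is restricted elsewhere, or add
          # nginx allow/deny rules for the local prefixes.
          "/".extraConfig = ''
            include "${pkgs.nginx}/conf/fastcgi_params";
            fastcgi_param SCRIPT_FILENAME "${pkgs.dnsmasq-lease-overview}/bin/overview";
            fastcgi_param LEASE_PATH "/var/lib/dnsmasq/dnsmasq.leases";
            fastcgi_param MIKROTIK_HOST "http://10.0.0.2";
            fastcgi_param MIKROTIK_USER "leah";
            fastcgi_param MIKROTIK_PASSWORD "nie5eevaeNohZuyugh2Eo6phaif9ahngiel8oom2aj7cooGohbaiqui9dah4Thie";
            fastcgi_param QUERY_STRING $args;
            fastcgi_pass unix:${config.services.fcgiwrap.instances.dnsmasq.socket.address};
          '';
        };
      };
    };
  };
}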