nix-config/examples/dns-rpi.nix

{ pkgs, ... }:

{

  imports =
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  boot.loader.grub.enable = false;
  boot.loader.generic-extlinux-compatible.enable = true;

  # --- NETWORK --- #
  networking.hostName = "dns"; # Define your hostname.
  networking.useDHCP = false;
  services.resolved.enable = false;

  systemd.network.enable = true;
  systemd.network = {
    netdevs = {
      "20-vlan10" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "vlan10";
        };
        vlanConfig.Id = 10;
      };
      "20-vlan20" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "vlan20";
        };
        vlanConfig.Id = 20;
      };
      "20-vlan30" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "vlan30";
        };
        vlanConfig.Id = 30;
      };
      "20-vlan40" = {
        netdevConfig = {
          Kind = "vlan";
          Name = "vlan40";
        };
        vlanConfig.Id = 40;
      };
    };
    networks = {
      "30-enu1u1" = {
        matchConfig.Name = "enu1u1";
        vlan = [
          "vlan10"
          "vlan20"
          "vlan30"
          "vlan40"
        ];
      };

      # VLANs
      "50-vlan10" = {
        matchConfig.Name = "vlan10";
        address = [
          "10.50.10.2/24"
        ];
        routes = [
          { routeConfig.Gateway = "10.50.10.1"; }
        ];
        linkConfig.RequiredForOnline = "routable";
      };
      "50-vlan20" = {
        matchConfig.Name = "vlan20";
        address = [
          "10.50.20.2/24"
        ];
        routes = [
          { routeConfig.Gateway = "10.50.20.1"; }
        ];
        linkConfig.RequiredForOnline = "routable";
      };
      "50-vlan30" = {
        matchConfig.Name = "vlan30";
        address = [
          "10.50.30.2/24"
        ];
        routes = [
          { routeConfig.Gateway = "10.50.30.1"; }
        ];
        linkConfig.RequiredForOnline = "routable";
      };
      "50-vlan40" = {
        matchConfig.Name = "vlan40";
        address = [
          "10.50.40.2/24"
        ];
        routes = [
          { routeConfig.Gateway = "10.50.40.1"; }
        ];
        linkConfig.RequiredForOnline = "routable";
      };
    };
  };

  # Set your time zone.
  time.timeZone = "Europe/London";

  # Configure console keymap
  console = {
    font = "Lat2-Terminus16";
    keyMap = "uk";
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.alex = {
    isNormalUser = true;
    home = "/home/alex";
    extraGroups = [ "wheel" "libvirtd" "docker" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [ "INSERT SSH KEY HERE" ];
    hashedPassword = "INSERT HASHED PASSWORD HERE";
  };

  environment.systemPackages = with pkgs; [
    wget
    parted
  ];


  networking.extraHosts =
    ''
      10.50.10.2 dns dns.int.example.uk
      10.50.20.2 dns dns.int.example.uk
      10.50.30.2 dns dns.int.example.uk
      10.50.40.2 dns dns.int.example.uk
    '';

  services.dnsmasq = {
    enable = true;
    settings = {
      server = [
        "1.1.1.1"
        "8.8.8.8"
      ];
      dhcp-authoritative = true;
      domain-needed = true;
      domain = "int.example.com";
      local = "/int.example.com";
      bogus-priv = true;
      rebind-domain-ok = "/plex.direct/";

      # DHCP OPTIONS (SUCH AS PXE, DNS SERVER, GATEWAY, ETC)
      dhcp-option = [
        "enu1u1.10,3,10.50.10.1"
        "enu1u1.10,6,10.50.10.2"
        "enu1u1.20,3,10.50.20.1"
        "enu1u1.20,6,10.50.20.2"
        "enu1u1.30,3,10.50.30.1"
        "enu1u1.30,6,10.50.30.2"
        "enu1u1.40,3,10.50.40.1"
        "enu1u1.40,6,10.50.40.2"
      ];

      # DHCP RANGES
      dhcp-range = [
        "enu1u1.10,10.50.10.200,10.50.10.254,255.255.255.0,8h"
        "enu1u1.20,10.50.20.10,10.50.20.254,255.255.255.0,8h"
        "enu1u1.30,10.50.30.10,10.50.30.254,255.255.255.0,8h"
        "enu1u1.40,10.50.40.200,10.50.40.254,255.255.255.0,8h"
      ];

      # STATIC HOST MAPPINGS ("MAC_ADDRESS,IP_ADDRESS,HOSTNAME")
      dhcp-host = [
        "xx:xx:xx:xx:xx:xx,10.50.10.3,switch"
        "xx:xx:xx:xx:xx:xx,10.50.10.4,ap"
        "xx:xx:xx:xx:xx:xx,10.50.10.10,bedrock"
        "xx:xx:xx:xx:xx:xx,10.50.10.11,hass"
        "xx:xx:xx:xx:xx:xx,10.50.10.12,mainsail"

        "xx:xx:xx:xx:xx:xx,10.50.40.10,hass-iot"
        "xx:xx:xx:xx:xx:xx,10.50.40.11,glow-ihd"
        "xx:xx:xx:xx:xx:xx,10.50.40.12,printer"
        "xx:xx:xx:xx:xx:xx,10.50.40.13,cctv-iot"
        "xx:xx:xx:xx:xx:xx,10.50.40.14,cctv-front"
        "xx:xx:xx:xx:xx:xx,10.50.40.15,cctv-side"
        "xx:xx:xx:xx:xx:xx,10.50.40.16,cctv-rear"
        "xx:xx:xx:xx:xx:xx,10.50.40.17,doorbell"
        "xx:xx:xx:xx:xx:xx,10.50.40.18,cctv-downstairs"
      ];

      # DNS OVERRIDES
      address = [
        "/cloud.example.com/10.50.10.10"
        "/photos.example.com/10.50.10.10"
        "/id.example.com/10.50.10.10"
        "/vault.example.com/10.50.10.10"
        "/overseerr.example.com/10.50.10.10"
        "/media.int.example.com/10.50.10.10"
        "/example.com/10.50.10.10"
        "/matrix.example.com/10.50.10.10"
        "/syncv3.example.com/10.50.10.10"
        "/cctv.int.example.com/10.50.10.10"
        "/archive.int.example.com/10.50.10.10"
      ];
    };
  };

  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  services.netdata.enable = true;

  # Open ports in the firewall.
  #networking.firewall.allowedTCPPorts = [
  #  22
  #  80
  #  443
  #  19999
  #];
  #networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?
}