Technitium DNS with failover over dns02

2025-02-21 17:44:36 +01:00 · 2025-02-21 17:44:36 +01:00 · 1efda446f3
commit 1efda446f3
parent 076234c4bd
13 changed files with 235 additions and 0 deletions
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@ -5,5 +5,6 @@
    ./ddclient.nix
    ./nas-samba-share.nix
    ./tailscale.nix
+    ./technitium-dns-server.nix
  ];
 }
--- a/modules/networking/technitium-dns-server.nix
+++ b/modules/networking/technitium-dns-server.nix
@ -0,0 +1,44 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.networking.technitium-dns-server;
+  defaultPorts = config.services.technitium-dns-server.firewallTCPPorts.default;
+in
+{
+  options.my.networking.technitium-dns-server = {
+    enable = lib.mkEnableOption "Enable Technitium DNS Server";
+    dnsOverHttps = lib.mkEnableOption "Enable DNS over HTTPS";
+    adminPasswordFile = lib.mkOption {
+      type = lib.types.path;
+      default = "";
+      description = ''
+        Path to the file containing the admin password.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.technitium-dns-server = {
+      enable = true;
+      openFirewall = true;
+      firewallTCPPorts = [
+        53
+        5380
+        53443
+      ] ++ lib.optional cfg.dnsOverHttps 443;
+      firewallUDPPorts = [
+        53
+        67
+      ];
+    };
+
+    systemd.services.technitium-dns-server.environment.DNS_SERVER_ADMIN_PASSWORD_FILE =
+      cfg.adminPasswordFile;
+
+  };
+
+}