From d3201fbca999502c79c1c13e19140ceb4bec1ebb Mon Sep 17 00:00:00 2001
From: Romain Paquet
Date: Mon, 5 Jan 2026 21:42:17 +0100
Subject: [PATCH] move coredns to port 53 to allow access on android
---
 clan/network.nix | 1 +
 clanServices/coredns/default.nix | 8 +++++---
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/clan/network.nix b/clan/network.nix
index be7255f..b89e878 100644
--- a/clan/network.nix
+++ b/clan/network.nix
@@ -53,6 +53,7 @@
 roles.default.tags.all = { };
 roles.server.machines.verbena = {
 settings.ip = "fd28:387a:90:c400::1";
+ settings.dnsPort = 53;
 };
 roles.server.machines.crocus = {
 settings.ip = "fd28:387a:90:c400:6db2:dfc3:c376:9956";
diff --git a/clanServices/coredns/default.nix b/clanServices/coredns/default.nix
index 520c968..20d4350 100644
--- a/clanServices/coredns/default.nix
+++ b/clanServices/coredns/default.nix
@@ -118,11 +118,13 @@
 ''
 .:${dnsPort} {
+ bind wireguard
 forward . 1.1.1.1
 cache 30
 }
 ${settings.tld}:${dnsPort} {
+ bind wireguard
 file ${zonefile}
 }
 '';
@@ -168,7 +170,7 @@
 networking.nameservers = map (
 m:
 let
- port = config.services.unbound.settings.port or 53;
+ port = config.services.unbound.settings.server.port or 53;
 in
 "127.0.0.1:${toString port}#${roles.server.machines.${m}.settings.tld}"
 ) (lib.attrNames roles.server.machines);
@@ -179,11 +181,11 @@
 services.unbound = {
 enable = true;
- resolveLocalQueries = true;
+ # resolveLocalQueries = true;
 checkconf = true;
 settings = {
 server = {
- # port = 5353;
+ port = 5353;
 verbosity = 2;
 interface = [ "127.0.0.1" ];
 access-control = [ "127.0.0.0/8 allow" ];
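Review bot: Only `verbena` gets `settings.dnsPort = 53;` in the clan/network.nix hunk; the `crocus` server entry that follows shows no matching line, so the two servers may end up answering on different ports. If Android peers can only query port 53, as the subject line suggests, a peer pointed at crocus would still fail to resolve. Consider setting the port once for the server role instead of per machine, or adding the same line to crocus. The crocus block continues past the end of the hunk, so this may already be handled there.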
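Review bot: The two `bind wireguard` lines in the Corefile hunk are the only thing that keeps the `.` forwarder from listening on every interface now that it is meant to run on port 53, and nothing in the file says so. I would add a Corefile comment above the first one, e.g. `# listen on the WireGuard interface only: this block forwards to 1.1.1.1 and must not be reachable as an open resolver`. The interface name is a hard-coded literal; if the name is configurable elsewhere in the module, it should be interpolated the same way `${dnsPort}` is. CoreDNS resolves an interface name to its addresses at startup, so the service presumably has to start after the interface is up; that ordering is not visible in this hunk and is worth confirming.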
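Review bot: Commenting out `resolveLocalQueries = true;` in the `services.unbound` hunk does not turn the option off: as far as I recall, the nixpkgs default for `services.unbound.resolveLocalQueries` is already `true`, so the host would still get 127.0.0.1 written as its resolver. resolv.conf has no port syntax, so those lookups would go to 127.0.0.1:53 while unbound now listens on 5353. If the intent is to disable it, state that explicitly with `resolveLocalQueries = false;` and drop the commented-out line. Separately, 5353 is the mDNS port, so `port = 5353;` may conflict on hosts that run Avahi or another mDNS responder. The `services.unbound` block continues past the end of the hunk.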