lass/2configs/iodined.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

{ pkgs, config, ... }:

let
  # TODO: make this a parameter
  domain = "io.lassul.us";
  pw = import <secrets/iodinepw.nix>;
in {

  services.iodine.server = {
    enable = true;
    domain = domain;
    ip = "172.16.10.1/24";
    extraConfig = "-c -P ${pw} -l ${config.krebs.build.host.nets.internet.ip4.addr}";
  };

  krebs.iptables.tables.filter.INPUT.rules = [
    { predicate = "-p udp --dport 53"; target = "ACCEPT";}
  ];

}