From 0df552f2ee09f04fcb2f70ca749483a3280189cb Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Sun, 16 Mar 2025 01:31:23 +0100
Subject: ahmed: Add local DNS resolver
---
 hosts/ahmed/configuration.nix | 1 +
 hosts/ahmed/dns/default.nix | 31 +++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 hosts/ahmed/dns/default.nix
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 25eb336..9bd394f 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -23,6 +23,7 @@
 ./dyndns
 ./minecraft
 ./nginx
+ ./dns
 ];

 # Create the main user.
diff --git a/hosts/ahmed/dns/default.nix b/hosts/ahmed/dns/default.nix
new file mode 100644
index 0000000..35360f7
--- /dev/null
+++ b/hosts/ahmed/dns/default.nix
@@ -0,0 +1,31 @@
+{metadata, ...}: {
+ services.dnscache = {
+ enable = true;
+ clientIps = [
+ "192.168" # LAN
+ "127.0.0.1" # Local connections
+ ];
+
+ domainServers = {
+ "internal" = ["127.0.0.1"];
+ };
+ };
+
+ services.tinydns = {
+ enable = true;
+
+ # We will only listen for internal queries from the DNS cache.
+ ip = "127.0.0.1";
+
+ data = ''
+ .internal:127.0.0.1:a
+ =ahmed.internal:${metadata.hosts.ahmed.ipAddress}
+ =muhammed.internal:${metadata.hosts.muhammed.ipAddress}
+ '';
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [53];
+ allowedUDPPorts = [53];
+ };
+}
-- 
cgit v1.2.3
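Review bot: The `networking.firewall` block at the end of hosts/ahmed/dns/default.nix opens port 53 over TCP and UDP on every interface, so the only thing keeping dnscache from answering non-LAN clients is its `clientIps` source-prefix check. Scoping the rule to the LAN interface would add a second layer, e.g. `networking.firewall.interfaces."<lan-interface>" = { allowedTCPPorts = [53]; allowedUDPPorts = [53]; };` (the interface name is a placeholder). The `"192.168"` entry admits the whole 192.168.0.0/16 range; if the LAN is a single subnet, the longer prefix for that subnet would be tighter. Because `services.dnscache.ip` is not set here, the cache presumably listens on the module's default address rather than on one LAN address, which is worth confirming alongside tinydns bound to 127.0.0.1 on the same port.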