diff --git a/lib/config/alloy/config.alloy.nix b/lib/config/alloy/config.alloy.nix index 95fd006..45f1e50 100644 --- a/lib/config/alloy/config.alloy.nix +++ b/lib/config/alloy/config.alloy.nix @@ -4,7 +4,7 @@ in { out = '' logging { - level = "warning" + level = "warn" } loki.write "grafana_loki" { endpoint { diff --git a/lib/container.nix.template b/lib/container.nix.template index bdee5d6..2be342b 100644 --- a/lib/container.nix.template +++ b/lib/container.nix.template @@ -15,8 +15,11 @@ in # OPTIONAL string swap: swap space (default null) swap = null; - # OPTIONAL list of int ports: ports to open (TCP tho) (default []) - ports = [ 80 ]; + # OPTIONAL list of int tcp_ports: TCP ports to open (default []) + tcp_ports = [ 80 ]; + + # OPTIONAL list of int udp_ports: UDP ports to open (default []) + udp_ports = [ ]; # OPTIONAL submodule services: services to be passed to the NixOS Module (default {}) services = { diff --git a/lib/container_build.nix b/lib/container_build.nix index 29f1dfe..228eb6f 100644 --- a/lib/container_build.nix +++ b/lib/container_build.nix @@ -9,7 +9,8 @@ let disk = def.disk or "4G"; swap = def.swap or 512; services = def.services or { }; - open_ports = def.open_ports or [ ]; + tcp_ports = def.tcp_ports or [ ]; + udp_ports = def.udp_ports or [ ]; other_packages = def.other_packages or [ ]; etc = def.etc or { }; logging_enabled = def.logging.enable or false; # TODO: Implement @@ -54,7 +55,11 @@ in ] ++ extraModules; networking.hostName = hostname; - networking.firewall.allowedTCPPorts = open_ports; + networking.firewall = { + enable = true; + allowedTCPPorts = tcp_ports; + allowedUDPPorts = udp_ports; + }; services = services // lib.optionalAttrs (logging_enabled) { diff --git a/lxc/dns.nix b/lxc/dns.nix index 1792333..813df35 100644 --- a/lxc/dns.nix +++ b/lxc/dns.nix 
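Review bot: `tcp_ports = def.tcp_ports or [ ];` silently turns a container definition that still uses the old `ports` or `open_ports` key into an empty allow-list, so the rename fails closed but without any signal — the service simply becomes unreachable. dns.nix in this same commit shows `ports` was in use, so other definitions outside this diff may still carry it. Consider rejecting the legacy keys at evaluation time, e.g. `tcp_ports = assert !(def ? ports || def ? open_ports) || throw "container def: use tcp_ports/udp_ports instead of ports/open_ports"; def.tcp_ports or [ ];`. The `let` block this binding lives in continues outside the hunk.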
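Review bot: `allowedTCPPorts`/`allowedUDPPorts` read as the complete allow-list here, but they are NixOS list options, so ports declared elsewhere (most commonly a service's `openFirewall = true`) are merged in and the effective rule set can be wider than `tcp_ports`/`udp_ports`. `enable = true` is also the NixOS default, so it documents intent rather than changing behaviour. A comment above the attribute set such as `# Merged with ports opened by services via openFirewall; tcp_ports/udp_ports is not the full allow-list` would keep the next maintainer from treating the definition as exhaustive. The enclosing module attribute set continues outside the hunk.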
@@ -13,16 +13,18 @@ let in { cores = 2; - memory = "2G"; + memory = 1024; disk = "4G"; swap = 512; - ports = [ + tcp_ports = [ 80 53 12345 ]; + udp_ports = [ 53 ]; exposed = false; services = { + resolved.enable = false; adguardhome = import ./dns/adguardhome-config.nix { inherit infra ip domainname; }; unbound = { enable = true; diff --git a/lxc/dns/logs-unbound.alloy.nix b/lxc/dns/logs-unbound.alloy.nix index 7abf795..9af7cf8 100644 --- a/lxc/dns/logs-unbound.alloy.nix +++ b/lxc/dns/logs-unbound.alloy.nix @@ -23,7 +23,7 @@ } } - loki.process "unbound_router" { + loki.process "unbd_router" { stage.pattern { pattern = "[<_>] : " }
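Review bot: `udp_ports = [ 53 ];` together with 53 in `tcp_ports` makes the resolver reachable from whatever the firewall already passes, and nothing in the hunk restricts who may recurse; with `resolved.enable = false;` unbound and AdGuard Home are the only listeners on 53, so unbound's `access-control` (its config starts at `enable = true;` and continues outside the hunk) should be limited to the local networks to avoid an open resolver — I cannot confirm that from here. `memory = 1024;` also replaces the string `"2G"` with a bare integer whose unit is not stated and which is half the previous value if it is MiB; a comment like `memory = 1024; # MiB — confirm unit expected by container_build.nix` would make the change auditable. Port `12345` is still opened on TCP with no indication of which service listens there; a one-line comment naming it would help as well.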