From b4d199d00cc51b9b9b08ebc987dc66f4e8f3a2a4 Mon Sep 17 00:00:00 2001
From: kalipso <kalipso@c3d2.de>
Date: Fri, 30 Jan 2026 20:25:10 +0100
Subject: [PATCH] [ns1] setup forwarding, open ports

---
 machines/ns1/configuration.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/machines/ns1/configuration.nix b/machines/ns1/configuration.nix
index f64d578..7721eea 100644
--- a/machines/ns1/configuration.nix
+++ b/machines/ns1/configuration.nix
@@ -19,8 +19,26 @@ in
     ../modules/autoupdate.nix
   ];
 
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [ 53 ];
+  };
+
   services.bind = {
     enable = true;
+    forwarders = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ];
+  
+    cacheNetworks = [
+      "127.0.0.0/24"
+      "10.0.0.0/24"
+      "192.168.1.0/24"
+      "10.100.0.0/24"
+    ];
+
     zones = {
       "malobeo.org" = {
         master = true;