dumpyourvms: wip networking, use systemd-resolved for local DNS

2022-06-02 10:51:32 +02:00 · 2022-06-02 10:51:32 +02:00 · 412b830cb0
parent 8e1f2b5abc
commit 412b830cb0
3 changed files with 20 additions and 6 deletions
--- a/hosts/dumpyourvms/dumpyourvms.nix
+++ b/hosts/dumpyourvms/dumpyourvms.nix
@ -25,7 +25,6 @@ in
    boot.loader.efi.canTouchEfiVariables = true;
    boot.resumeDevice = "/dev/mapper/cryptroot";

-    boot.kernelPackages = pkgs.linuxPackages_5_15;
    boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    systemd.sleep.extraConfig = ''
@ -37,6 +36,17 @@ in
      facetimehd.enable = true;
    };

+    services.resolved = {
+      enable = true;
+      extraConfig = ''
+        DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net [2001:678:e68:f000::]#dot.ffmuc.net [2001:678:ed0:f000::]#dot.ffmuc.net [2a01:3a0:53:53::0]#unicast.censurfridns.dk [2a01:4f8:c0c:3c03::2]#ns1.dnsprivacy.at [2a01:4f8:c0c:3bfc::2]#ns2.dnsprivacy.at [2001:610:1:40ba:145:100:185:15]#dnsovertls.sinodun.com [2001:610:1:40ba:145:100:185:16]#dnsovertls1.sinodun.com [2a04:b900:0:100::38]#getdnsapi.net
+        FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net [2620:fe::fe]#dns.quad9.net [2620:fe::9]#dns.quad9.net
+        Domains=~.
+        DNSOverTLS=yes
+        DNSSEC=false
+      '';
+    };
+    services.mozillavpn.enable = true;
    networking = import ./networking.nix;

    security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
--- a/hosts/dumpyourvms/networking.nix
+++ b/hosts/dumpyourvms/networking.nix
@ -1,4 +1,7 @@
 {
+  networkmanager.dns = "systemd-resolved";
+  #resolvconf.enable = true;
+
  hosts = {
    "10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ];
    "10.0.0.66" = [ "consul.service.cgn-1.consul" ];
@ -20,6 +23,7 @@
    "10.0.1.206" = [ "cn00.lev-1" ];
    "10.0.1.207" = [ "cn06.lev-1" ];
    "10.0.1.208" = [ "cn07.lev-1" ];
+    "10.101.64.10" = [ "wifi.bahn.de" ];
  };

  wireguard.enable = true;
--- a/hosts/dumpyourvms/unbound.nix
+++ b/hosts/dumpyourvms/unbound.nix
@ -1,5 +1,5 @@
 {
-  enable = true;
+  enable = false;
  localControlSocketPath = "/run/unbound/unbound.ctl";
  settings = {
    server = {