Merge pull request 'networking: add wireguard hosts to /etc/hosts' (#144) from wireguard/add-etc-hosts into main
Reviewed-on: pub-solar/infra#144 Reviewed-by: b12f <b12f@noreply.git.pub.solar>
commit
9d94b888ae
18
flake.lock
18
flake.lock
|
@ -180,11 +180,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710888565,
|
"lastModified": 1712386041,
|
||||||
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
|
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
|
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -255,11 +255,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1712168706,
|
"lastModified": 1712741485,
|
||||||
"narHash": "sha256-XP24tOobf6GGElMd0ux90FEBalUtw6NkBSVh/RlA6ik=",
|
"narHash": "sha256-bCs0+MSTra80oXAsnM6Oq62WsirOIaijQ/BbUY59tR4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "1487bdea619e4a7a53a4590c475deabb5a9d1bfb",
|
"rev": "b2cf36f43f9ef2ded5711b30b1f393ac423d8f72",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -405,11 +405,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1712163089,
|
"lastModified": 1712791164,
|
||||||
"narHash": "sha256-Um+8kTIrC19vD4/lUCN9/cU9kcOsD1O1m+axJqQPyMM=",
|
"narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "fd281bd6b7d3e32ddfa399853946f782553163b5",
|
"rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -78,6 +78,7 @@
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=drone-net"
|
"--network=drone-net"
|
||||||
"--pull=always"
|
"--pull=always"
|
||||||
|
"--add-host=nachtigall.pub.solar:10.7.6.1"
|
||||||
];
|
];
|
||||||
environment = {
|
environment = {
|
||||||
DRONE_GITEA_SERVER = "https://git.pub.solar";
|
DRONE_GITEA_SERVER = "https://git.pub.solar";
|
||||||
|
@ -101,6 +102,7 @@
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=drone-net"
|
"--network=drone-net"
|
||||||
"--pull=always"
|
"--pull=always"
|
||||||
|
"--add-host=nachtigall.pub.solar:10.7.6.1"
|
||||||
];
|
];
|
||||||
environment = {
|
environment = {
|
||||||
DRONE_RPC_HOST = "ci.pub.solar";
|
DRONE_RPC_HOST = "ci.pub.solar";
|
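Review bot: The two added `"--add-host=nachtigall.pub.solar:10.7.6.1"` entries (one in each `extraOptions` list) repeat a literal address with no comment saying it is the host's WireGuard address, which is only inferable from the merge title. If the tunnel is renumbered and one copy is missed, that container keeps sending traffic for this name to whatever then holds the old address, and the failure will look like a network problem, not a config drift. Bind the address once (a `let` binding or a shared option that the /etc/hosts entries can also use) and reference it in both lists, with a comment such as `# resolve nachtigall to its WireGuard address so CI traffic stays inside the tunnel`. It is also worth confirming that the firewall on the WireGuard interface admits the ports these containers need, since the only per-interface rule visible in this commit opens port 22 on `wg-ssh`. Both container definitions start and end outside the hunks shown.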
||||||
|
|
|
@ -2,6 +2,11 @@
|
||||||
# Don't expose SSH via public interfaces
|
# Don't expose SSH via public interfaces
|
||||||
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
|
networking.hosts = {
|
||||||
|
"10.7.6.1" = ["nachtigall.pub.solar"];
|
||||||
|
"10.7.6.2" = ["flora-6.pub.solar"];
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = lib.mkDefault false;
|
openFirewall = lib.mkDefault false;
|
||||||
|
@ -31,14 +36,11 @@
|
||||||
|
|
||||||
services.resolved = {
|
services.resolved = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
|
|
||||||
# when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
|
||||||
FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net
|
FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net
|
||||||
Domains=~.
|
Domains=~.
|
||||||
DNSOverTLS=yes
|
DNSOverTLS=yes
|
||||||
DNSSEC=false
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
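Review bot: In the `services.resolved` hunk the `DNSSEC=false` line is dropped from `extraConfig` together with the comment that explained it, so the DNSSEC mode is no longer stated in this file and presumably falls to whatever `services.resolved.dnssec` defaults to in the pinned nixpkgs (not visible here, and the same merge moves the nixpkgs pins in flake.lock). The removed comment recorded SERVFAIL responses under allow-downgrade, so an implicit default could either bring those failures back or leave validation off without anyone having decided it. Setting the option explicitly next to `enable = true;`, e.g. `dnssec = "false"; # SERVFAIL with allow-downgrade, systemd issue 10579`, or the validating value if the upstream problem no longer applies, keeps the choice reviewable. The merge title covers only the /etc/hosts entries, so this resolver change deserves its own line in the description.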
||||||
|
|