networking: add wireguard hosts to /etc/hosts

Also re-enable DNSSEC, it's reported fixed in systemd-resolved
2024-04-12 21:31:36 +02:00 · 2024-04-12 21:31:36 +02:00 · 8743ea7b0c
parent 8743b50f7f
commit 8743ea7b0c
2 changed files with 7 additions and 3 deletions
--- a/hosts/flora-6/apps/drone.nix
+++ b/hosts/flora-6/apps/drone.nix
@ -78,6 +78,7 @@
        extraOptions = [
          "--network=drone-net"
          "--pull=always"
+          "--add-host=nachtigall.pub.solar:10.7.6.1"
        ];
        environment = {
          DRONE_GITEA_SERVER = "https://git.pub.solar";
@ -101,6 +102,7 @@
        extraOptions = [
          "--network=drone-net"
          "--pull=always"
+          "--add-host=nachtigall.pub.solar:10.7.6.1"
        ];
        environment = {
          DRONE_RPC_HOST = "ci.pub.solar";
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -2,6 +2,11 @@
  # Don't expose SSH via public interfaces
  networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];

+  networking.hosts = {
+      "10.7.6.1" = ["nachtigall.pub.solar"];
+      "10.7.6.2" = ["flora-6.pub.solar"];
+  };
+
  services.openssh = {
    enable = true;
    openFirewall = lib.mkDefault false;
@ -31,14 +36,11 @@

  services.resolved = {
    enable = true;
-    # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
-    # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
    extraConfig = ''
      DNS=193.110.81.0#dns0.eu 185.253.5.0#dns0.eu 2a0f:fc80::#dns0.eu 2a0f:fc81::#dns0.eu 9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
      FallbackDNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net
      Domains=~.
      DNSOverTLS=yes
-      DNSSEC=false
    '';
  };
 }