dumpyourvms: wip networking, use systemd-resolved for local DNS

teutat3s 2022-06-02 10:51:32 +02:00
parent 8e1f2b5abc
commit 412b830cb0
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
3 changed files with 20 additions and 6 deletions


@ -25,7 +25,6 @@ in
boot.loader.efi.canTouchEfiVariables = true;
boot.resumeDevice = "/dev/mapper/cryptroot";
boot.kernelPackages = pkgs.linuxPackages_5_15;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
systemd.sleep.extraConfig = ''
@ -37,6 +36,17 @@ in
facetimehd.enable = true;
};
services.resolved = {
enable = true;
extraConfig = ''
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net [2001:678:e68:f000::]#dot.ffmuc.net [2001:678:ed0:f000::]#dot.ffmuc.net [2a01:3a0:53:53::0]#unicast.censurfridns.dk [2a01:4f8:c0c:3c03::2]#ns1.dnsprivacy.at [2a01:4f8:c0c:3bfc::2]#ns2.dnsprivacy.at [2001:610:1:40ba:145:100:185:15]#dnsovertls.sinodun.com [2001:610:1:40ba:145:100:185:16]#dnsovertls1.sinodun.com [2a04:b900:0:100::38]#getdnsapi.net
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net [2620:fe::fe]#dns.quad9.net [2620:fe::9]#dns.quad9.net
Domains=~.
DNSOverTLS=yes
DNSSEC=false
'';
};
services.mozillavpn.enable = true;
networking = import ./networking.nix;
security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
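Review bot: `DNSSEC=false` in the new `services.resolved.extraConfig` means answers are not validated locally, so with `DNSOverTLS=yes` the integrity of every lookup rests on the listed upstream resolvers alone. The TLS session authenticates the resolver by the name after `#`, but it does not show that a record is what the zone owner signed. If validation was switched off because of breakage, a comment saying so would help, e.g. `# DNSSEC off: <reason>; revisit with DNSSEC=allow-downgrade`. The unbound module is disabled in the same commit, so any validation it may have done is presumably gone too. `Domains=~.` also routes all lookups to these global servers, so names known only to an internal or link-provided resolver will stop resolving unless they are pinned in `hosts`.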


@ -1,9 +1,12 @@
{
networkmanager.dns = "systemd-resolved";
#resolvconf.enable = true;
hosts = {
"10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ];
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
"10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ];
"10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ];
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
"10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ];
"10.0.0.200" = [ "headnode.cgn-1" ];
"10.0.0.201" = [ "cn01.cgn-1" ];
"10.0.0.202" = [ "cn02.cgn-1" ];
@ -20,6 +23,7 @@
"10.0.1.206" = [ "cn00.lev-1" ];
"10.0.1.207" = [ "cn06.lev-1" ];
"10.0.1.208" = [ "cn07.lev-1" ];
"10.101.64.10" = [ "wifi.bahn.de" ];
};
wireguard.enable = true;
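Review bot: The added `"10.101.64.10" = [ "wifi.bahn.de" ];` entry is a static pin that applies on every network the machine joins, not only on the train Wi-Fi, and nothing in the file says why it is there. Presumably it exists because strict DNS-over-TLS cannot resolve the captive-portal name before login; a comment such as `# captive-portal pin, needed while DNSOverTLS=yes; drop if the portal address changes` would record that. Because 10.101.64.10 is private address space, on any other network the name points at whatever host holds that address, so the pin is worth keeping short-lived. The leftover `#resolvconf.enable = true;` line could be removed or given a reason as well.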


@ -1,5 +1,5 @@
{
enable = true;
enable = false;
localControlSocketPath = "/run/unbound/unbound.ctl";
settings = {
server = {