From 412b830cb0f269ded248b7f87c1e42e28fcd8d7e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 2 Jun 2022 10:51:32 +0200 Subject: [PATCH] dumpyourvms: wip networking, use systemd-resolved for local DNS --- hosts/dumpyourvms/dumpyourvms.nix | 12 +++++++++++- hosts/dumpyourvms/networking.nix | 12 ++++++++---- hosts/dumpyourvms/unbound.nix | 2 +- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix index 17710745..f307342e 100644 --- a/hosts/dumpyourvms/dumpyourvms.nix +++ b/hosts/dumpyourvms/dumpyourvms.nix @@ -25,7 +25,6 @@ in boot.loader.efi.canTouchEfiVariables = true; boot.resumeDevice = "/dev/mapper/cryptroot"; - boot.kernelPackages = pkgs.linuxPackages_5_15; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; systemd.sleep.extraConfig = '' @@ -37,6 +36,17 @@ in facetimehd.enable = true; }; + services.resolved = { + enable = true; + extraConfig = '' + DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net [2001:678:e68:f000::]#dot.ffmuc.net [2001:678:ed0:f000::]#dot.ffmuc.net [2a01:3a0:53:53::0]#unicast.censurfridns.dk [2a01:4f8:c0c:3c03::2]#ns1.dnsprivacy.at [2a01:4f8:c0c:3bfc::2]#ns2.dnsprivacy.at [2001:610:1:40ba:145:100:185:15]#dnsovertls.sinodun.com [2001:610:1:40ba:145:100:185:16]#dnsovertls1.sinodun.com [2a04:b900:0:100::38]#getdnsapi.net + FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net [2620:fe::fe]#dns.quad9.net [2620:fe::9]#dns.quad9.net + Domains=~. + DNSOverTLS=yes + DNSSEC=false + ''; + }; + services.mozillavpn.enable = true; networking = import ./networking.nix; security.pki.certificateFiles = [ ./consul-agent-ca.pem ]; diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix index 3051964f..292ea08f 100644 --- a/hosts/dumpyourvms/networking.nix 
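Review bot: `DNSSEC=false` in the new `services.resolved.extraConfig` block turns off response validation on this host, so answers are only as trustworthy as the listed DoT upstreams; strict `DNSOverTLS=yes` authenticates the channel to those resolvers, not the records they return. The unbound.nix hunk in this commit sets `enable = false`, so unless unbound's settings outside that hunk had validation switched off, the host loses the validating resolver it had before. If this is a deliberate trade-off (for example for captive-portal networks), record it in a comment above the line; otherwise prefer `DNSSEC=allow-downgrade`. Setting it through the module option `services.resolved.dnssec` would also avoid a second `DNSSEC=` key, since the module, as far as I know, already writes one into the generated resolved.conf ahead of `extraConfig`.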
+++ b/hosts/dumpyourvms/networking.nix @@ -1,9 +1,12 @@ { + networkmanager.dns = "systemd-resolved"; + #resolvconf.enable = true; + hosts = { - "10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ]; - "10.0.0.66" = [ "consul.service.cgn-1.consul" ]; - "10.0.1.9" = [ "consul.service.lev-1.consul" ]; - "10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ]; + "10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ]; + "10.0.0.66" = [ "consul.service.cgn-1.consul" ]; + "10.0.1.9" = [ "consul.service.lev-1.consul" ]; + "10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ]; "10.0.0.200" = [ "headnode.cgn-1" ]; "10.0.0.201" = [ "cn01.cgn-1" ]; "10.0.0.202" = [ "cn02.cgn-1" ]; @@ -20,6 +23,7 @@ "10.0.1.206" = [ "cn00.lev-1" ]; "10.0.1.207" = [ "cn06.lev-1" ]; "10.0.1.208" = [ "cn07.lev-1" ]; + "10.101.64.10" = [ "wifi.bahn.de" ]; }; wireguard.enable = true; diff --git a/hosts/dumpyourvms/unbound.nix b/hosts/dumpyourvms/unbound.nix index c7c0b519..b9e5f76c 100644 --- a/hosts/dumpyourvms/unbound.nix +++ b/hosts/dumpyourvms/unbound.nix @@ -1,5 +1,5 @@ { - enable = true; + enable = false; localControlSocketPath = "/run/unbound/unbound.ctl"; settings = { server = {
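Review bot: The added `"10.101.64.10" = [ "wifi.bahn.de" ];` entry in the second networking.nix hunk has no comment, and a static hosts entry applies on every network the machine joins, not only the one it was written for. Presumably it exists because `Domains=~.` now sends every lookup to the DoT upstreams, which cannot answer a portal-local name. A one-line comment such as `# captive portal of the on-train Wi-Fi; not resolvable via the DoT upstreams` would record that. On any other network that routes 10.101.64.10, the name will point at whatever host holds that address, so it is worth confirming the portal is only reached over HTTPS with certificate checks left on. The `hosts` attribute set opens in the previous hunk and closes in this one.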