dumpyourvms: wip networking, use systemd-resolved for local DNS
parent
8e1f2b5abc
commit
412b830cb0
|
@ -25,7 +25,6 @@ in
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.resumeDevice = "/dev/mapper/cryptroot";
|
boot.resumeDevice = "/dev/mapper/cryptroot";
|
||||||
|
|
||||||
boot.kernelPackages = pkgs.linuxPackages_5_15;
|
|
||||||
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
|
||||||
systemd.sleep.extraConfig = ''
|
systemd.sleep.extraConfig = ''
|
||||||
|
@ -37,6 +36,17 @@ in
|
||||||
facetimehd.enable = true;
|
facetimehd.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.resolved = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = ''
|
||||||
|
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net [2001:678:e68:f000::]#dot.ffmuc.net [2001:678:ed0:f000::]#dot.ffmuc.net [2a01:3a0:53:53::0]#unicast.censurfridns.dk [2a01:4f8:c0c:3c03::2]#ns1.dnsprivacy.at [2a01:4f8:c0c:3bfc::2]#ns2.dnsprivacy.at [2001:610:1:40ba:145:100:185:15]#dnsovertls.sinodun.com [2001:610:1:40ba:145:100:185:16]#dnsovertls1.sinodun.com [2a04:b900:0:100::38]#getdnsapi.net
|
||||||
|
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net [2620:fe::fe]#dns.quad9.net [2620:fe::9]#dns.quad9.net
|
||||||
|
Domains=~.
|
||||||
|
DNSOverTLS=yes
|
||||||
|
DNSSEC=false
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.mozillavpn.enable = true;
|
||||||
networking = import ./networking.nix;
|
networking = import ./networking.nix;
|
||||||
|
|
||||||
security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
|
security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
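Review bot: `DNSSEC=false` in the new `services.resolved.extraConfig` turns off local validation, so answer integrity rests only on the TLS session to the listed third-party resolvers; the commit also sets the unbound module to `enable = false`, so any validation unbound was doing (its settings are not visible here) goes away too. If that is intentional, record it next to the setting, e.g. `# DNSSEC off on purpose: <reason>; integrity relies on DoT to the resolvers above`. As far as I know the NixOS module already writes a `DNSSEC=` key from `services.resolved.dnssec`, so setting `services.resolved.dnssec = "false";` would avoid carrying the key twice in the generated resolved.conf. Separately, `Domains=~.` appears to route every name not covered by `networking.hosts` to these public resolvers, which may include internal `.consul` lookups; please confirm that is intended.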
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
{
|
{
|
||||||
|
networkmanager.dns = "systemd-resolved";
|
||||||
|
#resolvconf.enable = true;
|
||||||
|
|
||||||
hosts = {
|
hosts = {
|
||||||
"10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ];
|
"10.0.0.42" = [ "nomad.service.consul" "nomad.service.cgn-1.consul" ];
|
||||||
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
|
"10.0.0.66" = [ "consul.service.cgn-1.consul" ];
|
||||||
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
|
"10.0.1.9" = [ "consul.service.lev-1.consul" ];
|
||||||
"10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ];
|
"10.0.0.67" = [ "vault.service.consul" "vault.service.cgn-1.consul" ];
|
||||||
"10.0.0.200" = [ "headnode.cgn-1" ];
|
"10.0.0.200" = [ "headnode.cgn-1" ];
|
||||||
"10.0.0.201" = [ "cn01.cgn-1" ];
|
"10.0.0.201" = [ "cn01.cgn-1" ];
|
||||||
"10.0.0.202" = [ "cn02.cgn-1" ];
|
"10.0.0.202" = [ "cn02.cgn-1" ];
|
||||||
|
@ -20,6 +23,7 @@
|
||||||
"10.0.1.206" = [ "cn00.lev-1" ];
|
"10.0.1.206" = [ "cn00.lev-1" ];
|
||||||
"10.0.1.207" = [ "cn06.lev-1" ];
|
"10.0.1.207" = [ "cn06.lev-1" ];
|
||||||
"10.0.1.208" = [ "cn07.lev-1" ];
|
"10.0.1.208" = [ "cn07.lev-1" ];
|
||||||
|
"10.101.64.10" = [ "wifi.bahn.de" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
wireguard.enable = true;
|
wireguard.enable = true;
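Review bot: The added `"10.101.64.10" = [ "wifi.bahn.de" ];` entry is a static override that stays active on every network, so away from the train Wi-Fi the name `wifi.bahn.de` resolves to whichever host holds that private address on the local LAN. Presumably it exists because strict `DNSOverTLS=yes` cannot resolve the captive portal before login; that reason should sit in a comment such as `# captive portal: not resolvable via DoT before login; remove when not needed`. The commented-out `#resolvconf.enable = true;` in the first hunk is dead configuration and should be dropped or explained. The `hosts` attribute set continues between the two hunks, outside the visible lines.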
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
enable = true;
|
enable = false;
|
||||||
localControlSocketPath = "/run/unbound/unbound.ctl";
|
localControlSocketPath = "/run/unbound/unbound.ctl";
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
|
|