From b264d602ca3a020d82c37d4b2cba2a1c4235fba2 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Thu, 2 Feb 2023 17:23:50 +0100
Subject: [PATCH] dumpyourvms: use DHCP for DNS again, add wg0 NIC
---
 hosts/dumpyourvms/dumpyourvms.nix | 14 +++++++-------
 hosts/dumpyourvms/networking.nix | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix
index 6aabb237..c2176384 100644
--- a/hosts/dumpyourvms/dumpyourvms.nix
+++ b/hosts/dumpyourvms/dumpyourvms.nix
@@ -54,13 +54,13 @@ in {
 enable = true;
 # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
 # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
- extraConfig = ''
- DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
- FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
- Domains=~.
- DNSOverTLS=yes
- DNSSEC=false
- '';
+ #extraConfig = ''
+ # DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
+ # FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+ # Domains=~.
+ # DNSOverTLS=yes
+ # DNSSEC=false
+ #'';
 };
 services.mozillavpn.enable = true;
 networking = import ./networking.nix;
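Review bot: Commenting out the whole `extraConfig` block also drops `DNSOverTLS=yes` and `DNSSEC=false`, so lookups now go unencrypted to whatever resolver DHCP hands out, and DNSSEC handling falls back to the module or systemd default. If that default is still allow-downgrade, this is the mode the retained comment above says produced SERVFAIL responses. If only the server list is meant to come from DHCP, keep the setting active with `extraConfig = "DNSSEC=false";` and replace the now stale comment with something like `# DNS servers come from DHCP, no DNS-over-TLS; the resolver is only as trustworthy as the local network`. Otherwise delete the dead block instead of leaving it commented out, since git history keeps it. The enclosing attribute set opens above the hunk, so other resolved options may be set there.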
diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix
index 70750ca5..5661c54d 100644
--- a/hosts/dumpyourvms/networking.nix
+++ b/hosts/dumpyourvms/networking.nix
@@ -85,5 +85,23 @@
 }
 ];
 };
+ wg4 = {
+ address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"];
+ privateKeyFile = "/etc/wireguard/wg4.privatekey";
+ postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
+ preDown = "resolvectl revert wg4";
+ #dns = [
+ # "fdaa:1:3234::3, internal"
+ #];
+
+ peers = [
+ {
+ publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
+ allowedIPs = ["fdaa:1:3234::/48"];
+ endpoint = "ams1.gateway.6pn.dev:51820";
+ persistentKeepalive = 15;
+ }
+ ];
+ };
 };
 }
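Review bot: `postUp` joins the two `resolvectl` calls with `;`, so a failure of the first is masked and the link can come up with the `~internal` routing domain but no tunnel resolver; `postUp = "resolvectl dns wg4 fdaa:1:3234::3 && resolvectl domain wg4 ~internal";` lets the failure surface. The interface is named `wg4` while the commit subject says wg0, so one of the two is probably a typo. A comment on `privateKeyFile` such as `# must exist before activation, root-owned, mode 0600; never commit the key` would document the out-of-store secret, and the commented-out `dns` lines can be dropped now that `postUp` replaces them. The `endpoint` hostname is presumably resolved through the DHCP-supplied resolver after this commit; WireGuard still authenticates the peer by `publicKey`, so a forged answer can block the tunnel but not impersonate the gateway. The surrounding interfaces set opens outside this hunk.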