teutat3s/os
2
0
Fork 0
forked from pub-solar/os
Code Pull requests Activity

dumpyourvms: use DHCP for DNS again, add wg0 NIC

Browse source
This commit is contained in:
teutat3s 2023-02-02 17:23:50 +01:00
parent 001a1de2e8
commit b264d602ca
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
2 changed files with 25 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
hosts/dumpyourvms/dumpyourvms.nix
View file

@ -54,13 +54,13 @@ in {
enable = true; enable = true;
# DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS
# when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579 # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579
extraConfig = '' #extraConfig = ''
DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net # DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 94.130.110.185#ns1.dnsprivacy.at 145.100.185.15#dnsovertls.sinodun.com 145.100.185.16#dnsovertls1.sinodun.com 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a01:4f8:c0c:3c03::2#ns1.dnsprivacy.at 2a01:4f8:c0c:3bfc::2#ns2.dnsprivacy.at 2001:610:1:40ba:145:100:185:15#dnsovertls.sinodun.com 2001:610:1:40ba:145:100:185:16#dnsovertls1.sinodun.com 2a04:b900:0:100::38#getdnsapi.net
FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net # FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
Domains=~. # Domains=~.
DNSOverTLS=yes # DNSOverTLS=yes
DNSSEC=false # DNSSEC=false
''; #'';
}; };
services.mozillavpn.enable = true; services.mozillavpn.enable = true;
networking = import ./networking.nix; networking = import ./networking.nix;

18
hosts/dumpyourvms/networking.nix
View file

@ -85,5 +85,23 @@
} }
]; ];
}; };
wg4 = {
address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"];
privateKeyFile = "/etc/wireguard/wg4.privatekey";
postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal";
preDown = "resolvectl revert wg4";
#dns = [
# "fdaa:1:3234::3, internal"
#];
peers = [
{
publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ=";
allowedIPs = ["fdaa:1:3234::/48"];
endpoint = "ams1.gateway.6pn.dev:51820";
persistentKeepalive = 15;
}
];
};
}; };
} }