diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-11-13 08:41:39 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-11-13 08:41:39 +0100 |
commit | f805ce37981a699981ae25dfd1943dc3db33b90e (patch) | |
tree | 36083abc2af2a3c0fed5b75ccd10450fac5c1045 /hosts | |
parent | 5440c73f19ae9bfac70c79da83241c158ceb7d4a (diff) | |
download | nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.gz nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.bz2 nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.tar.xz nixos-f805ce37981a699981ae25dfd1943dc3db33b90e.zip |
...
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/surtr/default.nix | 11 | ||||
-rw-r--r-- | hosts/surtr/dns/default.nix | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index 705f69b3..223e1f10 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix | |||
@@ -65,6 +65,12 @@ with lib; | |||
65 | enable = true; | 65 | enable = true; |
66 | rulesetFile = ./ruleset.nft; | 66 | rulesetFile = ./ruleset.nft; |
67 | }; | 67 | }; |
68 | resolvconf = { | ||
69 | enable = true; | ||
70 | extraConfig = '' | ||
71 | name_servers='127.0.0.53' | ||
72 | ''; | ||
73 | }; | ||
68 | }; | 74 | }; |
69 | 75 | ||
70 | systemd.network = { | 76 | systemd.network = { |
@@ -78,10 +84,7 @@ with lib; | |||
78 | }; | 84 | }; |
79 | }; | 85 | }; |
80 | 86 | ||
81 | services.resolved = { | 87 | services.resolved.enable = false; |
82 | llmnr = "false"; | ||
83 | dnssec = "false"; # unbound does dnssec validation for us | ||
84 | }; | ||
85 | 88 | ||
86 | services.ndppd = { | 89 | services.ndppd = { |
87 | enable = true; | 90 | enable = true; |
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 65f46b35..53df798e 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -212,7 +212,7 @@ in { | |||
212 | 212 | ||
213 | settings = { | 213 | settings = { |
214 | server = { | 214 | server = { |
215 | interface = ["lo@5353"]; | 215 | interface = ["lo@5353" "127.0.0.53"]; |
216 | prefer-ip6 = true; | 216 | prefer-ip6 = true; |
217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; | 217 | access-control = ["127.0.0.0/8 allow" "::1/128 allow"]; |
218 | root-hints = "${pkgs.dns-root-data}/root.hints"; | 218 | root-hints = "${pkgs.dns-root-data}/root.hints"; |