sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: dont use adguardhome for servers

Browse source
This commit is contained in:
oddlama 2023-07-06 14:49:37 +02:00
parent 13d9baedc1
commit 836cd7c6c2
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
9 changed files with 25 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

10
hosts/ward/microvms/adguardhome.nix
View file

@ -49,7 +49,6 @@ in {
bind_host = config.meta.wireguard.proxy-sentinel.ipv4; bind_host = config.meta.wireguard.proxy-sentinel.ipv4;
bind_port = 3000; bind_port = 3000;
dns = { dns = {
edns_client_subnet.enabled = false;
bind_hosts = [ bind_hosts = [
# This dummy address passes the configuration check and will # This dummy address passes the configuration check and will
# later be replaced by the actual interface address. # later be replaced by the actual interface address.
@ -60,15 +59,15 @@ in {
#trusted_proxied = []; #trusted_proxied = [];
ratelimit = 60; ratelimit = 60;
upstream_dns = [ upstream_dns = [
"1.1.1.1"
"2606:4700:4700::1111"
"8.8.8.8" "8.8.8.8"
"8.8.4.4"
"2001:4860:4860::8888"
"2001:4860:4860::8844" "2001:4860:4860::8844"
]; ];
bootstrap_dns = [ bootstrap_dns = [
"1.1.1.1"
"2606:4700:4700::1111"
"8.8.8.8" "8.8.8.8"
"8.8.4.4"
"2001:4860:4860::8888"
"2001:4860:4860::8844" "2001:4860:4860::8844"
]; ];
dhcp.enabled = false; dhcp.enabled = false;
@ -82,5 +81,6 @@ in {
INTERFACE_ADDR=$(${pkgs.iproute2}/bin/ip -family inet -brief addr show wan | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+") INTERFACE_ADDR=$(${pkgs.iproute2}/bin/ip -family inet -brief addr show wan | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+")
sed -i -e "s/123.123.123.123/$INTERFACE_ADDR/" "$STATE_DIRECTORY/AdGuardHome.yaml" sed -i -e "s/123.123.123.123/$INTERFACE_ADDR/" "$STATE_DIRECTORY/AdGuardHome.yaml"
''; '';
serviceConfig.RestartSec = lib.mkForce "600"; # Retry every 10 minutes
}; };
} }

5
hosts/ward/microvms/grafana.nix
View file

@ -129,5 +129,8 @@ in {
}; };
}; };
systemd.services.grafana.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; systemd.services.grafana = {
after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
serviceConfig.RestartSec = "600"; # Retry every 10 minutes
};
} }

5
hosts/ward/microvms/influxdb.nix
View file

@ -59,5 +59,8 @@ in {
}; };
}; };
systemd.services.influxdb2.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; systemd.services.influxdb2 = {
after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
serviceConfig.RestartSec = "600"; # Retry every 10 minutes
};
} }

5
hosts/ward/microvms/kanidm.nix
View file

@ -72,5 +72,8 @@ in {
}; };
}; };
systemd.services.kanidm.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; systemd.services.kanidm = {
after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
serviceConfig.RestartSec = "600"; # Retry every 10 minutes
};
} }

5
hosts/ward/microvms/loki.nix
View file

@ -127,5 +127,8 @@ in {
}; };
}; };
systemd.services.loki.after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; systemd.services.loki = {
after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
serviceConfig.RestartSec = "600"; # Retry every 10 minutes
};
} }

1
hosts/ward/microvms/vaultwarden.nix
View file

@ -90,5 +90,6 @@ in {
systemd.services.vaultwarden = { systemd.services.vaultwarden = {
after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"]; after = ["sys-subsystem-net-devices-${utils.escapeSystemdPath "proxy-sentinel"}.device"];
serviceConfig.StateDirectory = lib.mkForce "vaultwarden"; serviceConfig.StateDirectory = lib.mkForce "vaultwarden";
serviceConfig.RestartSec = "600"; # Retry every 10 minutes
}; };
} }

1
hosts/ward/net.nix
View file

@ -41,6 +41,7 @@ in {
}; };
"10-wan" = { "10-wan" = {
DHCP = "yes"; DHCP = "yes";
dhcpConfig.UseDNS = false;
#address = [ #address = [
# "192.168.178.2/24" # "192.168.178.2/24"
# "fdee::1/64" # "fdee::1/64"

1
hosts/zackbiene/net.nix
View file

@ -16,6 +16,7 @@ in {
systemd.network.networks = { systemd.network.networks = {
"10-lan1" = { "10-lan1" = {
DHCP = "yes"; DHCP = "yes";
dhcpConfig.UseDNS = false;
matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan1.mac; matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan1.mac;
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";

1
modules/meta/microvms.nix
View file

@ -174,6 +174,7 @@
"10-${vmCfg.networking.mainLinkName}" = { "10-${vmCfg.networking.mainLinkName}" = {
matchConfig.MACAddress = mac; matchConfig.MACAddress = mac;
DHCP = "yes"; DHCP = "yes";
dhcpConfig.UseDNS = false;
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";
MulticastDNS = true; MulticastDNS = true;