diff --git a/flake.lock b/flake.lock index 8af43d6..32fe23c 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "betterfox": { "flake": false, "locked": { - "lastModified": 1772315048, - "narHash": "sha256-rUuEfbjIXox5x5ul/4VarIm7bii/SCcDJjocEbHA1kM=", + "lastModified": 1769104536, + "narHash": "sha256-D2MIFdYMS3xrfO2vDYjCmC3Ah96jg5XUzvwMX3xJQBo=", "owner": "yokoffing", "repo": "Betterfox", - "rev": "f1c8e3809dbd23f4f9aa1e5e70805c61734b1f14", + "rev": "310cbdee6ca20eb881749a559cb572ce9272a981", "type": "github" }, "original": { @@ -25,11 +25,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1772353697, - "narHash": "sha256-d9puAIgmq0emWPwHjGFklWoie9b9Qghy4GSL1YpgxIU=", + "lastModified": 1772015457, + "narHash": "sha256-F59AGLXs/kLBYK8kfvev5OPoLmpb6G9XF/1vk27Gzu4=", "owner": "nlewo", "repo": "comin", - "rev": "f3125c37f85bc0752930bb66a72f532e9ff9eb82", + "rev": "d5bbf20a7e3afe492ab5b05e0250635f4e51da44", "type": "github" }, "original": { @@ -88,11 +88,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1772424169, - "narHash": "sha256-mhv7yclJj+qCagNv0WOuob5yQNV1aTqKcJLfBMUqsVA=", + "lastModified": 1772251378, + "narHash": "sha256-hZ5TwCAxef1e3S2V/BCL3LYaXYDyhXXu3SJjpmIxc/s=", "owner": "rycee", "repo": "nur-expressions", - "rev": "701de032cc247a1c309a34f0ed646e824efd7ac6", + "rev": "80fa37b486765fc20784b7e3028a3eda04ce0067", "type": "gitlab" }, "original": { @@ -123,11 +123,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -179,11 +179,11 @@ ] }, "locked": { - "lastModified": 1772380125, - "narHash": "sha256-8C+y46xA9bxcchj9GeDPJaRUDApaA3sy2fhJr1bTbUw=", + "lastModified": 1772020340, + "narHash": "sha256-aqBl3GNpCadMoJ/hVkWTijM1Aeilc278MjM+LA3jK6g=", "owner": "nix-community", "repo": "home-manager", - "rev": "a07a44a839eb036e950bf397d9b782916f8dcab3", + "rev": "36e38ca0d9afe4c55405fdf22179a5212243eecc", "type": "github" }, "original": { @@ -267,11 +267,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "lastModified": 1771848320, + "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "2fc6539b481e1d2569f25f8799236694180c0993", "type": "github" }, "original": { @@ -371,11 +371,11 @@ ] }, "locked": { - "lastModified": 1772401007, - "narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=", + "lastModified": 1772048434, + "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=", "owner": "Mic92", "repo": "sops-nix", - "rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4", + "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9", "type": "github" }, "original": { 
@@ -467,11 +467,11 @@ ] }, "locked": { - "lastModified": 1772419365, - "narHash": "sha256-+IjvRKrbSQX9/ikWy1ptPJBqG+RildNl7Cd9yypyzU0=", + "lastModified": 1772245870, + "narHash": "sha256-MkcFNrEGekMhQRUB0/F6Jacp/LBUgNvZuacAwhPt7I0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "96e284c58556366535781d9a476121b2b5e839f1", + "rev": "71308308af11faffcace34b6512579c59ce45bcd", "type": "github" }, "original": { diff --git a/hosts/homeserver/default.nix b/hosts/homeserver/default.nix index 12b1f8b..e8ff995 100644 --- a/hosts/homeserver/default.nix +++ b/hosts/homeserver/default.nix @@ -21,7 +21,7 @@ }; services = { - private-nameserver.enable = true; + nameservers.overlay.enable = true; syncthing = { enable = true; diff --git a/hosts/vps-ns/default.nix b/hosts/vps-ns/default.nix index c7c73ea..98fdcce 100644 --- a/hosts/vps-ns/default.nix +++ b/hosts/vps-ns/default.nix @@ -20,9 +20,9 @@ }; }; - services = { - private-nameserver.enable = true; - public-nameserver = { + services.nameservers = { + overlay.enable = true; + public = { enable = true; zones = [ "sprouted.cloud" diff --git a/hosts/vps-public/default.nix b/hosts/vps-public/default.nix index c2bac90..4991e42 100644 --- a/hosts/vps-public/default.nix +++ b/hosts/vps-public/default.nix @@ -21,7 +21,7 @@ }; }; - services.public-nameserver = { + services.nameservers.public = { enable = true; zones = [ "sprouted.cloud" diff --git a/modules/nixos/networking/overlay.nix b/modules/nixos/networking/overlay.nix index 3783352..d67c7ed 100644 --- a/modules/nixos/networking/overlay.nix +++ b/modules/nixos/networking/overlay.nix @@ -63,7 +63,7 @@ in default = allHosts |> lib.attrValues - |> lib.filter (host: host.config.custom.services.private-nameserver.enable) + |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable) |> lib.map (host: host.config.custom.networking.overlay.address); }; 
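Review bot: In hosts/vps-ns/default.nix the opening line changes from `services = {` to `services.nameservers = {` while the hunk keeps its line count, so the closing brace, which lies outside the hunk, now closes `services.nameservers` instead of `services`. Any other service declared further down in the old `services` set would therefore be re-parented under `nameservers`. The module system would most likely reject such a key as an undefined option at evaluation, so this should show up as a build failure rather than a silently dropped service, but the rest of the block is worth checking. If it holds anything besides `overlay` and `public`, keep the outer set and nest instead: `services = { nameservers = { overlay.enable = true; public = { … }; }; … };`.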
diff --git a/modules/nixos/networking/underlay.nix b/modules/nixos/networking/underlay.nix index 1c928ae..20f9efa 100644 --- a/modules/nixos/networking/underlay.nix +++ b/modules/nixos/networking/underlay.nix @@ -56,11 +56,6 @@ in Gateway = cfg.gateway; GatewayOnLink = true; }; - dns = lib.mkIf (!cfg.useDhcp) [ - "1.1.1.1#cloudflare-dns.com" - "8.8.8.8#dns.google" - "9.9.9.9#dns.quad9.net" - ]; }; }; diff --git a/modules/nixos/services/nameservers/private.nix b/modules/nixos/services/nameservers/overlay.nix similarity index 89% rename from modules/nixos/services/nameservers/private.nix rename to modules/nixos/services/nameservers/overlay.nix index b19982e..54e9f32 100644 --- a/modules/nixos/services/nameservers/private.nix +++ b/modules/nixos/services/nameservers/overlay.nix @@ -7,7 +7,7 @@ ... }: let - cfg = config.custom.services.private-nameserver; + cfg = config.custom.services.nameservers.overlay; netCfg = config.custom.networking; zoneData = inputs.dns.lib.toString netCfg.overlay.domain { @@ -20,7 +20,7 @@ let NS = allHosts |> lib.attrValues - |> lib.filter (host: host.config.custom.services.private-nameserver.enable) + |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable) |> lib.map (host: "${host.config.custom.networking.overlay.fqdn}."); subdomains = @@ -58,7 +58,7 @@ let }; in { - options.custom.services.private-nameserver.enable = lib.mkEnableOption ""; + options.custom.services.nameservers.overlay.enable = lib.mkEnableOption ""; config = lib.mkIf cfg.enable { services = { diff --git a/modules/nixos/services/nameservers/public.nix b/modules/nixos/services/nameservers/public.nix index 79dbd6d..0841d75 100644 --- a/modules/nixos/services/nameservers/public.nix +++ b/modules/nixos/services/nameservers/public.nix @@ -6,7 +6,7 @@ ... }: let - cfg = config.custom.services.public-nameserver; + cfg = config.custom.services.nameservers.public; netCfg = config.custom.networking; zoneData = 
@@ -38,7 +38,7 @@ let nsRecords = allHosts |> lib.attrValues - |> lib.filter (host: host.config.custom.services.public-nameserver.enable) + |> lib.filter (host: host.config.custom.services.nameservers.public.enable) |> lib.map (host: { name = host.config.custom.networking.hostName; inherit (host.config.custom.networking.underlay) address; @@ -64,7 +64,7 @@ let }; in { - options.custom.services.public-nameserver = { + options.custom.services.nameservers.public = { enable = lib.mkEnableOption ""; zones = lib.mkOption { type = lib.types.nonEmptyListOf lib.types.nonEmptyStr; @@ -73,11 +73,6 @@ in }; config = lib.mkIf cfg.enable { - networking.firewall = { - allowedTCPPorts = [ 53 ]; - allowedUDPPorts = [ 53 ]; - }; - services.nsd = { enable = true; interfaces = [ netCfg.underlay.interface ]; diff --git a/modules/nixos/services/nebula/default.nix b/modules/nixos/services/nebula/default.nix index 45e2a7c..2fa908f 100644 --- a/modules/nixos/services/nebula/default.nix +++ b/modules/nixos/services/nebula/default.nix @@ -133,7 +133,6 @@ in address = [ netCfg.overlay.cidr ]; dns = netCfg.overlay.dnsServers; domains = [ netCfg.overlay.domain ]; - networkConfig.DNSSEC = false; }; }; }; diff --git a/tests/infrastructure/default.nix b/tests/infrastructure/default.nix index 0838d71..ee077bf 100644 --- a/tests/infrastructure/default.nix +++ b/tests/infrastructure/default.nix @@ -58,7 +58,7 @@ }; }; - services.private-nameserver.enable = true; + services.nameservers.overlay.enable = true; }; };