2026-03-23 21:18:27 +01:00
10 changed files with 40 additions and 51 deletions
--- a/flake.lock
+++ b/flake.lock
@ -3,11 +3,11 @@
    "betterfox": {
      "flake": false,
      "locked": {
-        "lastModified": 1772315048,
-        "narHash": "sha256-rUuEfbjIXox5x5ul/4VarIm7bii/SCcDJjocEbHA1kM=",
+        "lastModified": 1769104536,
+        "narHash": "sha256-D2MIFdYMS3xrfO2vDYjCmC3Ah96jg5XUzvwMX3xJQBo=",
        "owner": "yokoffing",
        "repo": "Betterfox",
-        "rev": "f1c8e3809dbd23f4f9aa1e5e70805c61734b1f14",
+        "rev": "310cbdee6ca20eb881749a559cb572ce9272a981",
        "type": "github"
      },
      "original": {
@ -25,11 +25,11 @@
        "treefmt-nix": "treefmt-nix"
      },
      "locked": {
-        "lastModified": 1772353697,
-        "narHash": "sha256-d9puAIgmq0emWPwHjGFklWoie9b9Qghy4GSL1YpgxIU=",
+        "lastModified": 1772015457,
+        "narHash": "sha256-F59AGLXs/kLBYK8kfvev5OPoLmpb6G9XF/1vk27Gzu4=",
        "owner": "nlewo",
        "repo": "comin",
-        "rev": "f3125c37f85bc0752930bb66a72f532e9ff9eb82",
+        "rev": "d5bbf20a7e3afe492ab5b05e0250635f4e51da44",
        "type": "github"
      },
      "original": {
@ -88,11 +88,11 @@
      },
      "locked": {
        "dir": "pkgs/firefox-addons",
-        "lastModified": 1772424169,
-        "narHash": "sha256-mhv7yclJj+qCagNv0WOuob5yQNV1aTqKcJLfBMUqsVA=",
+        "lastModified": 1772251378,
+        "narHash": "sha256-hZ5TwCAxef1e3S2V/BCL3LYaXYDyhXXu3SJjpmIxc/s=",
        "owner": "rycee",
        "repo": "nur-expressions",
-        "rev": "701de032cc247a1c309a34f0ed646e824efd7ac6",
+        "rev": "80fa37b486765fc20784b7e3028a3eda04ce0067",
        "type": "gitlab"
      },
      "original": {
@ -123,11 +123,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1772408722,
-        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
+        "lastModified": 1769996383,
+        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
+        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
        "type": "github"
      },
      "original": {
@ -179,11 +179,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772380125,
-        "narHash": "sha256-8C+y46xA9bxcchj9GeDPJaRUDApaA3sy2fhJr1bTbUw=",
+        "lastModified": 1772020340,
+        "narHash": "sha256-aqBl3GNpCadMoJ/hVkWTijM1Aeilc278MjM+LA3jK6g=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a07a44a839eb036e950bf397d9b782916f8dcab3",
+        "rev": "36e38ca0d9afe4c55405fdf22179a5212243eecc",
        "type": "github"
      },
      "original": {
@ -267,11 +267,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1772328832,
-        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
+        "lastModified": 1769909678,
+        "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
+        "rev": "72716169fe93074c333e8d0173151350670b824c",
        "type": "github"
      },
      "original": {
@ -282,11 +282,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1772198003,
-        "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=",
+        "lastModified": 1771848320,
+        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
+        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
        "type": "github"
      },
      "original": {
@ -371,11 +371,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772401007,
-        "narHash": "sha256-YHykQg0h9hrlZGpMcywnaFzQ1Kn/5YNCCOSaaAl6z7Q=",
+        "lastModified": 1772048434,
+        "narHash": "sha256-/wA0OaH6kZ/pFA+nXR/tvg5oupOmEDmMS5us79JT60o=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "d8be5ea4cd3bc363492ab5bc6e874ccdc5465fe4",
+        "rev": "334daa7c273dd8bf7a0cd370e4e16022b64e55e9",
        "type": "github"
      },
      "original": {
@ -467,11 +467,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1772419365,
-        "narHash": "sha256-+IjvRKrbSQX9/ikWy1ptPJBqG+RildNl7Cd9yypyzU0=",
+        "lastModified": 1772245870,
+        "narHash": "sha256-MkcFNrEGekMhQRUB0/F6Jacp/LBUgNvZuacAwhPt7I0=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "96e284c58556366535781d9a476121b2b5e839f1",
+        "rev": "71308308af11faffcace34b6512579c59ce45bcd",
        "type": "github"
      },
      "original": {
--- a/hosts/homeserver/default.nix
+++ b/hosts/homeserver/default.nix
@ -21,7 +21,7 @@
      };

      services = {
-        private-nameserver.enable = true;
+        nameservers.overlay.enable = true;

        syncthing = {
          enable = true;
--- a/hosts/vps-ns/default.nix
+++ b/hosts/vps-ns/default.nix
@ -20,9 +20,9 @@
      };
    };

-    services = {
-      private-nameserver.enable = true;
-      public-nameserver = {
+    services.nameservers = {
+      overlay.enable = true;
+      public = {
        enable = true;
        zones = [
          "sprouted.cloud"
--- a/hosts/vps-public/default.nix
+++ b/hosts/vps-public/default.nix
@ -21,7 +21,7 @@
        };
      };

-      services.public-nameserver = {
+      services.nameservers.public = {
        enable = true;
        zones = [
          "sprouted.cloud"
--- a/modules/nixos/networking/overlay.nix
+++ b/modules/nixos/networking/overlay.nix
@ -63,7 +63,7 @@ in
      default =
        allHosts
        |> lib.attrValues
-        |> lib.filter (host: host.config.custom.services.private-nameserver.enable)
+        |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable)
        |> lib.map (host: host.config.custom.networking.overlay.address);
    };

--- a/modules/nixos/networking/underlay.nix
+++ b/modules/nixos/networking/underlay.nix
@ -56,11 +56,6 @@ in
            Gateway = cfg.gateway;
            GatewayOnLink = true;
          };
-          dns = lib.mkIf (!cfg.useDhcp) [
-            "1.1.1.1#cloudflare-dns.com"
-            "8.8.8.8#dns.google"
-            "9.9.9.9#dns.quad9.net"
-          ];
        };
      };

--- a/modules/nixos/services/nameservers/overlay.nix
+++ b/modules/nixos/services/nameservers/overlay.nix
@ -7,7 +7,7 @@
  ...
 }:
 let
-  cfg = config.custom.services.private-nameserver;
+  cfg = config.custom.services.nameservers.overlay;
  netCfg = config.custom.networking;

  zoneData = inputs.dns.lib.toString netCfg.overlay.domain {
@ -20,7 +20,7 @@ let
    NS =
      allHosts
      |> lib.attrValues
-      |> lib.filter (host: host.config.custom.services.private-nameserver.enable)
+      |> lib.filter (host: host.config.custom.services.nameservers.overlay.enable)
      |> lib.map (host: "${host.config.custom.networking.overlay.fqdn}.");

    subdomains =
@ -58,7 +58,7 @@ let
  };
 in
 {
-  options.custom.services.private-nameserver.enable = lib.mkEnableOption "";
+  options.custom.services.nameservers.overlay.enable = lib.mkEnableOption "";

  config = lib.mkIf cfg.enable {
    services = {
--- a/modules/nixos/services/nameservers/public.nix
+++ b/modules/nixos/services/nameservers/public.nix
@ -6,7 +6,7 @@
  ...
 }:
 let
-  cfg = config.custom.services.public-nameserver;
+  cfg = config.custom.services.nameservers.public;
  netCfg = config.custom.networking;

  zoneData =
@ -38,7 +38,7 @@ let
      nsRecords =
        allHosts
        |> lib.attrValues
-        |> lib.filter (host: host.config.custom.services.public-nameserver.enable)
+        |> lib.filter (host: host.config.custom.services.nameservers.public.enable)
        |> lib.map (host: {
          name = host.config.custom.networking.hostName;
          inherit (host.config.custom.networking.underlay) address;
@ -64,7 +64,7 @@ let
    };
 in
 {
-  options.custom.services.public-nameserver = {
+  options.custom.services.nameservers.public = {
    enable = lib.mkEnableOption "";
    zones = lib.mkOption {
      type = lib.types.nonEmptyListOf lib.types.nonEmptyStr;
@ -73,11 +73,6 @@ in
  };

  config = lib.mkIf cfg.enable {
-    networking.firewall = {
-      allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 ];
-    };
-
    services.nsd = {
      enable = true;
      interfaces = [ netCfg.underlay.interface ];
--- a/modules/nixos/services/nebula/default.nix
+++ b/modules/nixos/services/nebula/default.nix
@ -133,7 +133,6 @@ in
        address = [ netCfg.overlay.cidr ];
        dns = netCfg.overlay.dnsServers;
        domains = [ netCfg.overlay.domain ];
-        networkConfig.DNSSEC = false;
      };
    };
  };
--- a/tests/infrastructure/default.nix
+++ b/tests/infrastructure/default.nix
@ -58,7 +58,7 @@
          };
        };

-        services.private-nameserver.enable = true;
+        services.nameservers.overlay.enable = true;
      };
    };