omen: re-enable systemd-resolved

Signed-off-by: magic_rb <magic_rb@redalder.org>
hela: set DNS properly to itself
2024-11-29 03:26:13 +01:00 · 2024-11-15 14:25:07 +01:00 · 2024-11-15 14:04:33 +01:00 · 2024-11-14 22:23:03 +01:00
3 changed files with 23 additions and 21 deletions
--- a/nixos/systems/hela/dns.nix
+++ b/nixos/systems/hela/dns.nix
@ -99,4 +99,9 @@ in {
      cache_size = 128;
    };
  };
+
+  services.resolved.fallbackDns = lib.mkForce [];
+  networking.nameservers = lib.mkForce [
+    "10.1.0.1"
+  ];
 }
--- a/nixos/systems/hela/networking/border.nix
+++ b/nixos/systems/hela/networking/border.nix
@ -292,7 +292,7 @@
              policy = f: f.accept;
            }
            [
-              (is.eq meta.iifname (set ["ppp-slan" "dmz"]))
+              (is.eq meta.iifname (set ["dmz"]))
              (is.eq th.dport 53)
              (jump "redirect_dns")
            ]
--- a/nixos/systems/omen/networking.nix
+++ b/nixos/systems/omen/networking.nix
@ -17,8 +17,6 @@ in {

    hostId = "10c7ffc5";

-    nameservers = [(secret.network.ips.blowhole.ip or "")];
-
    firewall.enable = false;

    wireguard.interfaces."wg0" =
@ -73,35 +71,34 @@ in {
    linkConfig.Name = "eth1";
  };

-  systemd.network.networks."50-eth0" = {
-    matchConfig.Name = "eth0";
+  systemd.network.networks."50-eth" = {
+    matchConfig.Name = "eth?";
    networkConfig.DHCP = "ipv4";
    linkConfig.RequiredForOnline = "no";
+    extraConfig = ''
+      [DHCP]
+      UseDNS=false
+    '';
  };

-  systemd.network.networks."50-eth1" = {
-    matchConfig.Name = "eth1";
+  systemd.network.networks."50-wlan" = {
+    matchConfig.Name = "wlan?";
    networkConfig.DHCP = "ipv4";
-    linkConfig.RequiredForOnline = "no";
+    extraConfig = ''
+      [DHCP]
+      UseDNS=false
+    '';
  };

  systemd.network.wait-online.enable = false;

-  services.resolved.enable = false;
-  environment.etc."resolv.conf".text = ''
-    nameserver ${secret.network.ips.blowhole.ip or ""}
-  '';
-
-  services.resolved.extraConfig = ''
-    [Resolve]
-    DNS=${secret.network.ips.blowhole.ip or ""}
-    FallbackDNS=
-  '';
+  services.resolved.enable = true;
+  services.resolved.fallbackDns = lib.mkForce [];
+  networking.nameservers = lib.mkForce [
+    (secret.network.ips.blowhole.ip or "")
+  ];

  networking.wireless.iwd.enable = true;
-  networking.wireless.iwd.settings = {
-    General.EnableNetworkConfiguration = true;
-  };
  hardware.bluetooth = {
    enable = true;
    settings = {
Author	SHA1	Message	Date
magic_rb	b0db2aaef1	`omen`: re-enable `systemd-resolved` Signed-off-by: magic_rb <magic_rb@redalder.org>	2024-11-15 14:25:07 +01:00
magic_rb	ceb4aeb107	`hela`: set DNS properly to itself Signed-off-by: magic_rb <magic_rb@redalder.org>	2024-11-15 14:04:33 +01:00
magic_rb	17fce2445a	`hela`: disable DNS capture for `ppp-slan` since it somehow breaks Parsec Signed-off-by: magic_rb <magic_rb@redalder.org>	2024-11-14 22:23:03 +01:00