diff options
| author | Alex Auvolat <alex@adnab.me> | 2023-03-24 12:58:44 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2023-03-24 12:58:44 +0100 |
| commit | a0db30ca26ee0ca8c8efbabd76ba584331b5337c (patch) | |
| tree | b9829924799c71028084a0f37b469226a35c1ee9 /cluster/staging | |
| parent | 76c8e8f0b0a703c7b067d3315a93d0512fbf2e76 (diff) | |
| download | nixcfg-a0db30ca26ee0ca8c8efbabd76ba584331b5337c.tar.gz nixcfg-a0db30ca26ee0ca8c8efbabd76ba584331b5337c.zip | |
Sanitize DNS configuration
- get rid of outside nameserver, unbound does the recursive resolving
itself (and it checks DNSSEC)
- remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on
port 53 (was already obsolete)
- make unbound config independant of LAN IPv4 address
Diffstat (limited to 'cluster/staging')
| -rw-r--r-- | cluster/staging/site/bespin.nix | 1 | ||||
| -rw-r--r-- | cluster/staging/site/corrin.nix | 1 | ||||
| -rw-r--r-- | cluster/staging/site/jupiter.nix | 1 | ||||
| -rw-r--r-- | cluster/staging/site/neptune.nix | 1 |
4 files changed, 0 insertions, 4 deletions
diff --git a/cluster/staging/site/bespin.nix b/cluster/staging/site/bespin.nix index 9401f74..1133603 100644 --- a/cluster/staging/site/bespin.nix +++ b/cluster/staging/site/bespin.nix @@ -6,7 +6,6 @@ deuxfleurs.ipv6_default_gateway = "2a02:a03f:6510:5102::1"; deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.5.254" ]; deuxfleurs.cname_target = "bespin.site.staging.deuxfleurs.org."; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/cluster/staging/site/corrin.nix b/cluster/staging/site/corrin.nix index ca2ae49..8bf8693 100644 --- a/cluster/staging/site/corrin.nix +++ b/cluster/staging/site/corrin.nix @@ -6,7 +6,6 @@ deuxfleurs.ipv6_default_gateway = "fe80::7ec1:77ff:fe3e:bb90"; deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.1" ]; deuxfleurs.cname_target = "corrin.site.staging.deuxfleurs.org."; deuxfleurs.public_ipv4 = "82.120.233.78"; diff --git a/cluster/staging/site/jupiter.nix b/cluster/staging/site/jupiter.nix index 31b9f47..291e582 100644 --- a/cluster/staging/site/jupiter.nix +++ b/cluster/staging/site/jupiter.nix @@ -6,7 +6,6 @@ deuxfleurs.ipv6_default_gateway = "fe80::9038:202a:73a0:e73b"; deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.1" ]; deuxfleurs.cname_target = "jupiter.site.staging.deuxfleurs.org."; # no public ipv4 is used for the staging cluster on Jupiter diff --git a/cluster/staging/site/neptune.nix b/cluster/staging/site/neptune.nix index 5399826..b030b46 100644 --- a/cluster/staging/site/neptune.nix +++ b/cluster/staging/site/neptune.nix @@ -6,7 +6,6 @@ deuxfleurs.ipv6_default_gateway = "2001:910:1204:1::1"; deuxfleurs.lan_ip_prefix_length = 24; deuxfleurs.ipv6_prefix_length = 64; - deuxfleurs.nameservers = [ "192.168.1.1" ]; deuxfleurs.cname_target = "neptune.site.staging.deuxfleurs.org."; # no public ipv4 is used for the staging cluster on Neptune, |