diff options
| author | Alex Auvolat <alex@adnab.me> | 2024-02-06 17:55:39 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2024-02-06 17:55:39 +0100 |
| commit | 68153b894f7f227d4e7714c6d138454df521d31c (patch) | |
| tree | b97371fdcadbc478da471ab1b10621017b20fd83 /nixos | |
| parent | 751261487ea1b628b7d683be4a0b23ac234be86a (diff) | |
| download | user-config-68153b894f7f227d4e7714c6d138454df521d31c.tar.gz user-config-68153b894f7f227d4e7714c6d138454df521d31c.zip | |
remove unbound dns resolver on local pcs
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/common.nix | 21 | ||||
| -rw-r--r-- | nixos/kusanagi.nix | 6 | ||||
| -rw-r--r-- | nixos/lindy.nix | 3 |
3 files changed, 4 insertions, 26 deletions
diff --git a/nixos/common.nix b/nixos/common.nix index 729e0d9..9ae7a60 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -32,27 +32,6 @@ networking.networkmanager.enable = true; - services.unbound = - let - alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ]; - in { - enable = true; - resolveLocalQueries = lib.mkDefault true; - settings = { - server = { - log-servfail = true; - domain-insecure = alfisTld; - }; - forward-zone = map (tld: { - name = tld; - forward-addr = "324:71e:281a:9ed3::53"; - forward-tcp-upstream = false; - forward-tls-upstream = false; - }) alfisTld; - }; - }; - services.resolved.enable = false; - # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 2022 # openssh diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix index d2cd13c..4bd5b77 100644 --- a/nixos/kusanagi.nix +++ b/nixos/kusanagi.nix @@ -97,7 +97,7 @@ in # ---- immutable user config for tmpfs root ---- users.mutableUsers = false; - users.users.lx.passwordFile = "/Z/lx/.password"; + users.users.lx.hashedPasswordFile = "/Z/lx/.password"; users.users.lx.uid = 1000; users.users.lx.extraGroups = [ "vboxusers" "docker" ]; @@ -115,10 +115,6 @@ in nix.gc.automatic = false; - # ---- disable unbound dns resolution ---- - - services.unbound.resolveLocalQueries = false; - # ---- improve graphics ---- services.xserver.videoDrivers = [ "intel" ]; diff --git a/nixos/lindy.nix b/nixos/lindy.nix index 5e16fd8..6db2f06 100644 --- a/nixos/lindy.nix +++ b/nixos/lindy.nix @@ -148,6 +148,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key virtualisation.virtualbox.host.enable = true; users.users.lx.extraGroups = [ "docker" "vboxusers" ]; + # Use resolver from network + services.resolved.enable = false; + # Making dev work available outside networking.firewall.allowedTCPPorts = [ # 8910 8920 # web dev |