From 68153b894f7f227d4e7714c6d138454df521d31c Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Tue, 6 Feb 2024 17:55:39 +0100
Subject: remove unbound dns resolver on local pcs
---
 nixos/common.nix | 21 ---------------------
 nixos/kusanagi.nix | 6 +-----
 nixos/lindy.nix | 3 +++
 3 files changed, 4 insertions(+), 26 deletions(-)
diff --git a/nixos/common.nix b/nixos/common.nix
index 729e0d9..9ae7a60 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -32,27 +32,6 @@ networking.networkmanager.enable = true;
- services.unbound =
- let
- alfisTld = [ "anon." "btn." "conf." "index." "merch." "mirror." "mob." "screen." "srv." "ygg." ];
- in {
- enable = true;
- resolveLocalQueries = lib.mkDefault true;
- settings = {
- server = {
- log-servfail = true;
- domain-insecure = alfisTld;
- };
- forward-zone = map (tld: {
- name = tld;
- forward-addr = "324:71e:281a:9ed3::53";
- forward-tcp-upstream = false;
- forward-tls-upstream = false;
- }) alfisTld;
- };
- };
- services.resolved.enable = false;
- # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 2022 # openssh
diff --git a/nixos/kusanagi.nix b/nixos/kusanagi.nix
index d2cd13c..4bd5b77 100644
--- a/nixos/kusanagi.nix
+++ b/nixos/kusanagi.nix
@@ -97,7 +97,7 @@ in # ---- immutable user config for tmpfs root ---- users.mutableUsers = false;
- users.users.lx.passwordFile = "/Z/lx/.password";
+ users.users.lx.hashedPasswordFile = "/Z/lx/.password";
 users.users.lx.uid = 1000;
 users.users.lx.extraGroups = [ "vboxusers" "docker" ];
@@ -115,10 +115,6 @@ in nix.gc.automatic = false;
- # ---- disable unbound dns resolution ----
-
- services.unbound.resolveLocalQueries = false;
- # ---- improve graphics ---- services.xserver.videoDrivers = [ "intel" ];
diff --git a/nixos/lindy.nix b/nixos/lindy.nix
index 5e16fd8..6db2f06 100644
--- a/nixos/lindy.nix
+++ b/nixos/lindy.nix
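Review bot: In nixos/kusanagi.nix (hunk at -97,7) the new `users.users.lx.hashedPasswordFile = "/Z/lx/.password";` line leaves undocumented what that file must contain and who may read it. With `users.mutableUsers = false` just above, this file is the only source of lx's login credential, and the path appears to sit inside lx's own directory, so a hash readable by other local accounts would be open to offline guessing; that is inferred from the path alone, the mount layout and file mode are not visible here. I would add a comment above the line, for example `# crypt(3) hash from mkpasswd, root-owned 0400; /Z must be mounted before user activation`. The enclosing attribute set starts and ends outside the hunk.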
@@ -148,6 +148,9 @@ Komaru UUID=caf8496f-006b-4762-bb20-506d4c7bdb51 /nix/persist/root/komaru_key virtualisation.virtualbox.host.enable = true;
 users.users.lx.extraGroups = [ "docker" "vboxusers" ];
+ # Use resolver from network
+ services.resolved.enable = false;
+ # Making dev work available outside networking.firewall.allowedTCPPorts = [ # 8910 8920 # web dev
--
cgit v1.2.3
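Review bot: The added `services.resolved.enable = false;` and its comment `# Use resolver from network` do not record what the host gives up now that the local unbound instance is gone. After this commit, name resolution on lindy goes to whatever resolver the current network hands out, presumably over plain DNS with no local validation, and the ALFIS zones that common.nix used to forward (`ygg.`, `srv.` and the others) stop resolving. A fuller comment would help, for example `# No local resolver: DNS goes to the network-provided server (unvalidated, unencrypted); ALFIS TLDs are not resolvable`. kusanagi.nix gets no equivalent line in this commit, so if the explicit disable is needed here it is worth checking whether it is needed there too. The surrounding attribute set continues outside the hunk.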