From 8e91973c70e22b8c61f723f4f60e0b5ca853ff5c Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Thu, 28 Sep 2023 18:33:00 +0800 Subject: [PATCH] config: add comments --- flake.nix | 6 ++++++ hosts/plover/modules/services/bind.nix | 7 ++++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 1025d2f0..228065e9 100644 --- a/flake.nix +++ b/flake.nix @@ -87,6 +87,12 @@ # The order here is important(?). overlays = [ + # My own set of Firefox addons. They're not included in the packages + # output since they'll be a pain in the ass to set up for others when + # this is also included. If I set this up to be easily included in + # others' flake, it'll have a potential conflict for NUR users + # (including myself) that also relies on rycee's NUR instance. Overall, + # it's a pain to setup so I'm not including this. (final: prev: { inherit (inputs.firefox-addons.lib.${defaultSystem}) buildFirefoxXpiAddon; firefox-addons = final.callPackage ./pkgs/firefox-addons { }; diff --git a/hosts/plover/modules/services/bind.nix b/hosts/plover/modules/services/bind.nix index ae5bf632..dd604079 100644 --- a/hosts/plover/modules/services/bind.nix +++ b/hosts/plover/modules/services/bind.nix @@ -130,6 +130,8 @@ in allow-query { any; }; allow-recursion { any; }; + + // We'll use systemd-resolved as our forwarder. forwarders { 127.0.0.53 port 53; }; zone "${fqdn}" { @@ -184,9 +186,8 @@ in ''; serviceConfig = { - # Additional service hardening. You can see most of the options - # from systemd.exec(5) manual. - # Run it as an unprivileged user. + # Additional service hardening. You can see most of the options from + # systemd.exec(5) manual. Run it as an unprivileged user. User = config.users.users.named.name; Group = config.users.users.named.group; UMask = "0037";