diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix
index d2de65e1..7cd4dbfd 100644
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@@ -203,8 +203,6 @@ in
 
 networking.wg-quick.interfaces.wireguard0 = {
 privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
- dns = with wireguardPeers.server; [ IPv4 IPv6 ];
-
 address = with wireguardPeers.desktop; [
 "${IPv4}/24"
 "${IPv6}/96"
diff --git a/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix b/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
index c0df858b..e1087d4c 100644
--- a/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
+++ b/hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
@@ -5,15 +5,11 @@
 # from nixos-generators.
 let
 inherit (builtins) toString;
- inherit (import ./networks.nix) interfaces preferredInternalTLD privateIPv6Prefix;
+ inherit (import ./networks.nix) interfaces;
 
 # This is just referring to the same interface just with alternative names.
 mainEthernetInterfaceNames = [ "ens3" "enp0s3" ];
 internalEthernetInterfaceNames = [ "ens10" "enp0s10" ];
-
- internalDomains = [
- "~${config.networking.domain}.${preferredInternalTLD}"
- ];
 in
 {
 imports = [
@@ -57,14 +53,16 @@ in
 # The internal DNS server of choice.
 services.dnsmasq = {
 enable = true;
- settings.listen-address = with interfaces.internal; [ IPv4.address IPv6.address ];
+ settings = {
+ listen-address = with interfaces.internal; [ IPv4.address IPv6.address ];
+ port = 3908;
+ };
 };
 
 # The main DNS server (not exactly by choice).
 services.resolved = {
 enable = true;
 dnssec = "true";
- domains = internalDomains;
 };
 
 # The interface configuration is based from the following discussion:
@@ -93,7 +91,6 @@ in
 };
 };
 
- # The internal server.
 "20-lan" = with interfaces.internal; {
 matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames;
 
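Review bot: In the `@@ -57,14 +53,16 @@` hunk, `dnssec = "true";` stays on services.resolved while `domains = internalDomains;` is dropped and, per the wireguard.nix hunk, the `~${config.networking.domain}.${preferredInternalTLD}` routing domain is now served by dnsmasq on the new `port = 3908`; with strict DNSSEC, answers for an unsigned private TLD that resolved holds no negative trust anchor for are liable to be rejected as bogus, so confirm that domain resolves or relax to `dnssec = "allow-downgrade";`. Nothing here opens 3908 on the internal interface either; if `networking.firewall` is active on this host, check `networking.firewall.interfaces.<iface>.allowedUDPPorts`/`allowedTCPPorts` include it, since the old port-53 rules (if any) no longer apply. The non-default port deserves a why-comment, e.g. `# Non-standard port; consumers read config.services.dnsmasq.settings.port rather than hard-coding it.`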
@@ -106,11 +103,6 @@ in
 IPv4.gateway
 IPv6.gateway
 ];
-
- networkConfig = {
- DNS = [ interfaces.internal.IPv4.address ];
- Domains = lib.concatStringsSep " " internalDomains;
- };
 };
 };
 };
diff --git a/hosts/plover/modules/services/wireguard.nix b/hosts/plover/modules/services/wireguard.nix
index ed28700a..97c972de 100644
--- a/hosts/plover/modules/services/wireguard.nix
+++ b/hosts/plover/modules/services/wireguard.nix
@@ -5,12 +5,16 @@
 let
 acmeName = "wireguard.${config.networking.domain}";
 inherit (builtins) toString;
- inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers;
+ inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers preferredInternalTLD;
 
 wireguardIFName = "wireguard0";
 
 desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/24" "${IPv6}/96" ];
 phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/24" "${IPv6}/96" ];
+
+ internalDomains = [
+ "~${config.networking.domain}.${preferredInternalTLD}"
+ ];
 in
 {
 environment.systemPackages = [ pkgs.wireguard-tools ];
@@ -52,6 +56,18 @@ in
 
 networks."99-${wireguardIFName}" = {
 matchConfig.Name = wireguardIFName;
+
+ networkConfig = {
+ DNS = with interfaces.internal; let
+ internalDNSPort = config.services.dnsmasq.settings.port;
+ in [
+ "${IPv4.address}:${toString internalDNSPort}"
+ "${IPv6.address}:${toString internalDNSPort}"
+ ];
+ Domains = lib.concatStringsSep " " internalDomains;
+ DNSDefaultRoute = false;
+ };
+
 address = with interfaces.wireguard0; [
 "${IPv4.address}/32"
 "${IPv6.address}/128"
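Review bot: In the `@@ -52,6 +56,18 @@` hunk the IPv6 resolver entry `"${IPv6.address}:${toString internalDNSPort}"` is malformed for systemd-networkd: when `DNS=` carries a port, an IPv6 address must be enclosed in square brackets, so it should read `"[${IPv6.address}]:${toString internalDNSPort}"`. As written networkd is expected to log a parse failure and ignore that entry, likely leaving only the IPv4 resolver for the routing domain. `DNSDefaultRoute = false` together with the `~`-prefixed `Domains` value does correctly scope this resolver to the internal domain instead of making it a default route for all queries. The enclosing `networks."99-${wireguardIFName}"` attribute set continues beyond the hunk.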