foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 18:19:09 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts: fix Wireguard DNS settings

Browse Source
This commit is contained in:
Gabriel Arazas 2023-02-06 19:32:55 +08:00
parent 12abc5146e
commit efdbc4c103
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
3 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/ni/default.nix
View File

@ -203,8 +203,6 @@ in
networking.wg-quick.interfaces.wireguard0 = { networking.wg-quick.interfaces.wireguard0 = {
privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path; privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
dns = with wireguardPeers.server; [ IPv4 IPv6 ];
address = with wireguardPeers.desktop; [ address = with wireguardPeers.desktop; [
"${IPv4}/24" "${IPv4}/24"
"${IPv6}/96" "${IPv6}/96"

18
hosts/plover/modules/hardware/hetzner-cloud-cx21.nix
View File

@ -5,15 +5,11 @@
# from nixos-generators. # from nixos-generators.
let let
inherit (builtins) toString; inherit (builtins) toString;
inherit (import ./networks.nix) interfaces preferredInternalTLD privateIPv6Prefix; inherit (import ./networks.nix) interfaces;
# This is just referring to the same interface just with alternative names. # This is just referring to the same interface just with alternative names.
mainEthernetInterfaceNames = [ "ens3" "enp0s3" ]; mainEthernetInterfaceNames = [ "ens3" "enp0s3" ];
internalEthernetInterfaceNames = [ "ens10" "enp0s10" ]; internalEthernetInterfaceNames = [ "ens10" "enp0s10" ];
internalDomains = [
"~${config.networking.domain}.${preferredInternalTLD}"
];
in in
{ {
imports = [ imports = [
@ -57,14 +53,16 @@ in
# The internal DNS server of choice. # The internal DNS server of choice.
services.dnsmasq = { services.dnsmasq = {
enable = true; enable = true;
settings.listen-address = with interfaces.internal; [ IPv4.address IPv6.address ]; settings = {
listen-address = with interfaces.internal; [ IPv4.address IPv6.address ];
port = 3908;
};
}; };
# The main DNS server (not exactly by choice). # The main DNS server (not exactly by choice).
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "true"; dnssec = "true";
domains = internalDomains;
}; };
# The interface configuration is based from the following discussion: # The interface configuration is based from the following discussion:
@ -93,7 +91,6 @@ in
}; };
}; };
# The internal server.
"20-lan" = with interfaces.internal; { "20-lan" = with interfaces.internal; {
matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames; matchConfig.Name = lib.concatStringsSep " " internalEthernetInterfaceNames;
@ -106,11 +103,6 @@ in
IPv4.gateway IPv4.gateway
IPv6.gateway IPv6.gateway
]; ];
networkConfig = {
DNS = [ interfaces.internal.IPv4.address ];
Domains = lib.concatStringsSep " " internalDomains;
};
}; };
}; };
}; };

18
hosts/plover/modules/services/wireguard.nix
View File

@ -5,12 +5,16 @@
let let
acmeName = "wireguard.${config.networking.domain}"; acmeName = "wireguard.${config.networking.domain}";
inherit (builtins) toString; inherit (builtins) toString;
inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers; inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers preferredInternalTLD;
wireguardIFName = "wireguard0"; wireguardIFName = "wireguard0";
desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/24" "${IPv6}/96" ]; desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/24" "${IPv6}/96" ];
phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/24" "${IPv6}/96" ]; phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/24" "${IPv6}/96" ];
internalDomains = [
"~${config.networking.domain}.${preferredInternalTLD}"
];
in in
{ {
environment.systemPackages = [ pkgs.wireguard-tools ]; environment.systemPackages = [ pkgs.wireguard-tools ];
@ -52,6 +56,18 @@ in
networks."99-${wireguardIFName}" = { networks."99-${wireguardIFName}" = {
matchConfig.Name = wireguardIFName; matchConfig.Name = wireguardIFName;
networkConfig = {
DNS = with interfaces.internal; let
internalDNSPort = config.services.dnsmasq.settings.port;
in [
"${IPv4.address}:${toString internalDNSPort}"
"${IPv6.address}:${toString internalDNSPort}"
];
Domains = lib.concatStringsSep " " internalDomains;
DNSDefaultRoute = false;
};
address = with interfaces.wireguard0; [ address = with interfaces.wireguard0; [
"${IPv4.address}/32" "${IPv4.address}/32"
"${IPv6.address}/128" "${IPv6.address}/128"