rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 17:11:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

falkenstein: fix dkim record and wireguard dns

Browse source
This commit is contained in:
Rouven Seifert 2024-04-10 00:30:35 +02:00
parent 34104a42fb
commit 358220a12e
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 13 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
hosts/falkenstein/modules/dns/default.nix
View file

@ -6,7 +6,7 @@ let
$ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
2024040103 ; serial
2024040800 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
@ -35,7 +35,7 @@ let
mail AAAA 2a01:4f8:c012:49de::1
@ TXT "v=spf1 mx ~all"
rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
_dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
cache CNAME nuc.rfive.de.

18
hosts/falkenstein/modules/networks/default.nix
View file

@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, ... }:
{
age.secrets = {
"wireguard/dorm/private" = {
@ -11,6 +11,12 @@
};
};
environment.systemPackages = with pkgs; [
mtr
inetutils
dnsutils
wireguard-tools
];
networking = {
hostName = "falkenstein";
nftables.enable = true;
@ -18,6 +24,7 @@
useNetworkd = true;
enableIPv6 = true;
firewall = {
allowedUDPPorts = [ 51820 ];
extraInputRules = ''
ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
'';
@ -31,10 +38,6 @@
"2620:fe::fe"
"2620:fe::9"
];
extraConfig = ''
[Resolve]
DNSStubListener=no
'';
};
systemd.network = {
enable = true;
@ -86,8 +89,9 @@
matchConfig.Name = "wg0";
networkConfig = {
Address = "192.168.43.4/32";
DNS = "192.168.42.1";
DNSSEC = true;
DNS = "192.168.43.1";
Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
DNSSEC = false;
BindCarrier = [ "ens3" ];
};
};