falkenstein: fix dkim record and wireguard dns

Rouven Seifert 2024-04-10 00:30:35 +02:00
parent 34104a42fb
commit 358220a12e
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
2 changed files with 13 additions and 9 deletions


@ -6,7 +6,7 @@ let
$ORIGIN rfive.de. $ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
2024040103 ; serial 2024040800 ; serial
10800 ; refresh 10800 ; refresh
3600 ; retry 3600 ; retry
604800 ; expire 604800 ; expire
@ -35,7 +35,7 @@ let
mail AAAA 2a01:4f8:c012:49de::1 mail AAAA 2a01:4f8:c012:49de::1
@ TXT "v=spf1 mx ~all" @ TXT "v=spf1 mx ~all"
rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
_dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" _dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
cache CNAME nuc.rfive.de. cache CNAME nuc.rfive.de.
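Review bot: The key published on the `rspamd._domainkey` line is a 1024-bit RSA key (the `MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ` prefix is the encoding header of a 1024-bit public key), and this commit only changes the spacing after `k=rsa;`, so the key length stays below the 2048 bits that RFC 8301 recommends for signers. Rotating to a 2048-bit key under a new selector would address it; the longer `p=` value no longer fits in one 255-character string and has to be written as several quoted strings inside the same TXT record. The `_dmarc` context line keeps `p=none`, so receivers report DKIM failures but are not asked to reject or quarantine them. The zone text sits inside a Nix `let` binding that begins outside the hunk.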


@ -1,4 +1,4 @@
{ config, ... }: { config, pkgs, ... }:
{ {
age.secrets = { age.secrets = {
"wireguard/dorm/private" = { "wireguard/dorm/private" = {
@ -11,6 +11,12 @@
}; };
}; };
environment.systemPackages = with pkgs; [
mtr
inetutils
dnsutils
wireguard-tools
];
networking = { networking = {
hostName = "falkenstein"; hostName = "falkenstein";
nftables.enable = true; nftables.enable = true;
@ -18,6 +24,7 @@
useNetworkd = true; useNetworkd = true;
enableIPv6 = true; enableIPv6 = true;
firewall = { firewall = {
allowedUDPPorts = [ 51820 ];
extraInputRules = '' extraInputRules = ''
ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks" ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
''; '';
@ -31,10 +38,6 @@
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
]; ];
extraConfig = ''
[Resolve]
DNSStubListener=no
'';
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
@ -86,8 +89,9 @@
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
networkConfig = { networkConfig = {
Address = "192.168.43.4/32"; Address = "192.168.43.4/32";
DNS = "192.168.42.1"; DNS = "192.168.43.1";
DNSSEC = true; Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
DNSSEC = false;
BindCarrier = [ "ens3" ]; BindCarrier = [ "ens3" ];
}; };
}; };
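Review bot: `DNSSEC = false;` in the wg0 `networkConfig` turns off validation for every answer that arrives over that link, and nothing next to it records why. The new `Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";` line lists only routing-only domains, so the downgrade is presumably limited to those two internal zones answered by `192.168.43.1`. If the reason is that these zones are unsigned, a comment such as `# vpn zones are unsigned; validation is off for wg0 lookups only` would keep a later reader from copying the setting to another link. The same file section also drops `DNSStubListener=no`, which lets systemd-resolved open its local stub listener on port 53 again; if an authoritative server on this host binds the wildcard address, that needs checking. The wg0 network definition begins outside the hunk.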