updates

2025-04-25 16:08:30 +02:00 · 2025-01-13 15:42:20 +01:00 · 2025-01-13 15:42:20 +01:00 · 3d572d7a38
commit 3d572d7a38
parent 60586106be
7 changed files with 62 additions and 41 deletions
--- a/hosts/falkenstein/modules/dns/default.nix
+++ b/hosts/falkenstein/modules/dns/default.nix
@ -96,11 +96,17 @@ in
      };
    };
  };
-  systemd.services.bind.preStart = ''
-    # copy the file manually to its destination since signing requires a writable directory
-    ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
-    ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
-  '';
+  systemd.services.bind-zonefile = {
+    script = ''      
+      # copy the file manually to its destination since signing requires a writable directory
+      ${pkgs.coreutils}/bin/cp ${zonefile} ${config.services.bind.directory}/rfive.de.zone.txt
+      ${pkgs.coreutils}/bin/chown named:named ${config.services.bind.directory}/rfive.de.zone.txt
+    '';
+  };
+  systemd.services.bind = {
+    after = [ "bind-zonefile.service" ];
+    requires = [ "bind-zonefile.service" ];
+  };
  networking.firewall.extraInputRules = ''
    ip saddr ${secondary}/32 tcp dport 53 accept comment "Allow DNS AXFR access from INWX Servers"
    ip saddr ${secondary}/32 udp dport 53 accept comment "Allow DNS access from INWX Servers"
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@ -31,7 +31,6 @@
    # '';
    tmp.useTmpfs = true;
  };
-  services.lldpd.enable = true;

  environment.persistence."/nix/persist/system" = {
    directories = [
--- a/hosts/thinkpad/modules/networks/default.nix
+++ b/hosts/thinkpad/modules/networks/default.nix
@ -25,7 +25,7 @@
    nmap
    curlFull
    wireguard-tools
-    # etherape
+    etherape
  ];
  services.timesyncd.servers = lib.mkForce [ ];
  services.resolved = {
@ -187,12 +187,12 @@
    package = pkgs.wireshark-qt;
  };
  programs.wavemon.enable = true;
-  # # users.groups.etherape = { };
-  # security.wrappers.etherape = {
-  #   source = "${pkgs.etherape}/bin/etherape";
-  #   capabilities = "cap_net_raw,cap_net_admin+eip";
-  #   owner = "root";
-  #   group = "etherape";
-  #   permissions = "u+rx,g+x";
-  # };
+  users.groups.etherape = { };
+  security.wrappers.etherape = {
+    source = "${pkgs.etherape}/bin/etherape";
+    capabilities = "cap_net_raw,cap_net_admin+eip";
+    owner = "root";
+    group = "etherape";
+    permissions = "u+rx,g+x";
+  };
 }