nuc: networking updates

2024-11-15 05:13:10 +01:00 · 2024-05-13 11:59:14 +02:00 · 2024-05-13 11:59:14 +02:00 · d2353d8b59
parent 77b3d974c5
commit d2353d8b59
4 changed files with 15 additions and 5 deletions
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -54,6 +54,8 @@
    helix
    lsof
    btdu
+    tcpdump
+    mtr
  ];
  programs.git = {
    enable = true;
--- a/hosts/nuc/modules/backup/default.nix
+++ b/hosts/nuc/modules/backup/default.nix
@ -19,6 +19,11 @@
        "/var/log"
        "/nix/persist"
      ];
+      # don't backup these for now
+      exclude_patterns = [
+        "/var/lib/movies"
+        "/var/lib/shows"
+      ];
      repositories = [
        {
          label = "nuc";
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@ -34,7 +34,10 @@
        routeConfig.Gateway = "192.168.42.1";
      }];
      networkConfig = {
-        DNS = "192.168.42.1";
+        DNS = [
+          "9.9.9.9"
+          "149.112.112.112"
+        ];
        LLDP = true;
        EmitLLDP = "nearest-bridge";
        DNSSEC = false;
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@ -78,7 +78,7 @@ in
      Group = cfg.user;
      Restart = "always";

-      PrivateNetwork = true;
+      # PrivateNetwork = true;
      NetworkNamespacePath = "/var/run/netns/torrent";

      ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
@ -88,9 +88,9 @@ in

      # Avoid using nscd (leaks dns)
      InaccessiblePaths = [ "/run/nscd" ];
-      # BindReadOnlyPaths = [
-      #   "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
-      # ];
+      BindReadOnlyPaths = [
+        "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
+      ];

      # systemd-analyze --no-pager security qbittorrent.service
      CapabilityBoundingSet = null;