From d2353d8b59c1945a7bda9df6e94bbd37b00655c7 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Mon, 13 May 2024 11:59:14 +0200
Subject: [PATCH] nuc: networking updates
---
 hosts/nuc/default.nix | 2 ++
 hosts/nuc/modules/backup/default.nix | 5 +++++
 hosts/nuc/modules/networks/default.nix | 5 ++++-
 hosts/nuc/modules/torrent/default.nix | 8 ++++----
 4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 768080d..4fcbd32 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -54,6 +54,8 @@
 helix
 lsof
 btdu
+ tcpdump
+ mtr
 ];
 programs.git = {
 enable = true;
diff --git a/hosts/nuc/modules/backup/default.nix b/hosts/nuc/modules/backup/default.nix
index c7771b9..bc50c25 100644
--- a/hosts/nuc/modules/backup/default.nix
+++ b/hosts/nuc/modules/backup/default.nix
@@ -19,6 +19,11 @@
 "/var/log"
 "/nix/persist"
 ];
+ # don't backup these for now
+ exclude_patterns = [
+ "/var/lib/movies"
+ "/var/lib/shows"
+ ];
 repositories = [
 {
 label = "nuc";
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index c547460..eebf8f8 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -34,7 +34,10 @@
 routeConfig.Gateway = "192.168.42.1";
 }];
 networkConfig = {
- DNS = "192.168.42.1";
+ DNS = [
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
 LLDP = true;
 EmitLLDP = "nearest-bridge";
 DNSSEC = false;
diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix
index 9c8d83b..2bff346 100644
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@@ -78,7 +78,7 @@ in
 Group = cfg.user;
 Restart = "always";
- PrivateNetwork = true;
+ # PrivateNetwork = true;
 NetworkNamespacePath = "/var/run/netns/torrent";
 ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
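Review bot: In hosts/nuc/modules/networks/default.nix the new `DNS` list points at public resolvers while the visible context keeps `DNSSEC = false` and shows no `DNSOverTLS` setting, so lookups that used to go to the LAN gateway now leave the network unauthenticated and in clear text. If that is not intended, name the TLS server in each entry and enable transport encryption, e.g. `DNS = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" ];` together with `DNSOverTLS = true;`. The `networkConfig` block continues past the end of the hunk, so this may already be set further down.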
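Review bot: In hosts/nuc/modules/torrent/default.nix (hunk at line 78) `PrivateNetwork = true;` is left behind as a commented-out line with no reason given, which reads like isolation being switched off. As far as systemd.exec(5) describes it, `PrivateNetwork=` has no effect once `NetworkNamespacePath=` is set, so the line can simply be deleted or replaced by an explanatory comment such as `# PrivateNetwork is ignored when NetworkNamespacePath is set; isolation comes from the "torrent" netns`. The unit's ordering against whatever creates `/var/run/netns/torrent` is outside this hunk and worth confirming, since the service should fail rather than start in the host namespace if the namespace is missing.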
@@ -88,9 +88,9 @@ in
 # Avoid using nscd (leaks dns)
 InaccessiblePaths = [ "/run/nscd" ];
- # BindReadOnlyPaths = [
- # "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
- # ];
+ BindReadOnlyPaths = [
+ "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
+ ];
 # systemd-analyze --no-pager security qbittorrent.service
 CapabilityBoundingSet = null;
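Review bot: The re-enabled `BindReadOnlyPaths` entry only redirects lookups that read `/etc/resolv.conf`, and `InaccessiblePaths` still hides just `/run/nscd`. If systemd-resolved's NSS module is active on this host (not visible in the hunk), name resolution can still reach the host resolver through its unix socket, which a network namespace does not confine. Consider `InaccessiblePaths = [ "/run/nscd" "/run/systemd/resolve" ];` and verify with a lookup from inside the unit. A short comment saying which module generates `/etc/netns/torrent/resolv.conf` would also help, since the hunk does not show it and the unit will not start without that file.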