From fa4aac7df56103b40bc761220660a1b1e0377072 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Wed, 6 Mar 2024 01:44:06 +0100
Subject: [PATCH] networking: Add DNS via unbound
---
 nixos-config/default.nix | 10 ++----
 nixos-config/hosts/ren/default.nix | 2 +-
 nixos-config/hosts/rin/default.nix | 2 +-
 nixos-config/hosts/yui/default.nix | 2 +-
 nixos-config/networking/default.nix | 33 +++++++++++++++++++
 .../{networks => networking}/personal.nix | 0
 .../{networks => networking}/work.nix | 0
 7 files changed, 38 insertions(+), 11 deletions(-)
 create mode 100644 nixos-config/networking/default.nix
 rename nixos-config/{networks => networking}/personal.nix (100%)
 rename nixos-config/{networks => networking}/work.nix (100%)
diff --git a/nixos-config/default.nix b/nixos-config/default.nix
index f8c74e9d..d875911f 100644
--- a/nixos-config/default.nix
+++ b/nixos-config/default.nix
@@ -9,6 +9,7 @@
 flake-inputs.sops-nix.nixosModules.sops
 ./greeter
+ ./networking
 ./sway.nix
 ./yubikey.nix
 ../modules
@@ -79,22 +80,15 @@
 };
 };
- networking = {
- useDHCP = false;
- networkmanager.enable = true;
- };
-
 time.timeZone = "Europe/Amsterdam";
 users = {
 defaultUserShell = pkgs.zsh;
- groups.network = {};
-
 users = {
 tlater = {
 isNormalUser = true;
- extraGroups = ["wheel" "video" "network"];
+ extraGroups = ["wheel" "video"];
 };
 };
 };
diff --git a/nixos-config/hosts/ren/default.nix b/nixos-config/hosts/ren/default.nix
index 1dd5a6d1..13af370d 100644
--- a/nixos-config/hosts/ren/default.nix
+++ b/nixos-config/hosts/ren/default.nix
@@ -6,7 +6,7 @@
 ./hardware-configuration.nix
 ./nixos-hardware-precursor.nix
 ./disko.nix
- ../../networks/personal.nix
+ ../../networking/personal.nix
 ../../wireguard.nix
 ];
diff --git a/nixos-config/hosts/rin/default.nix b/nixos-config/hosts/rin/default.nix
index f7b8d4e4..414484f8 100644
--- a/nixos-config/hosts/rin/default.nix
+++ b/nixos-config/hosts/rin/default.nix
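Review bot: The second hunk of `nixos-config/default.nix` drops `groups.network = {};` and the `"network"` membership, while the new `nixos-config/networking/default.nix` puts `tlater` in a group named `"networking"` that no visible hunk declares. Membership in an undeclared group grants nothing, and the group that NixOS's NetworkManager module authorises for managing connections is `networkmanager`, so the user may silently lose (or never gain) the intended permission. `personal.nix` and `work.nix` are renamed unchanged, so if either still refers to the old `network` group (not visible here) it now points at a group that no longer exists. Either declare the group next to the membership with `users.groups.networking = {};` or use `extraGroups = ["networkmanager"];`.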
@@ -5,7 +5,7 @@
 }: {
 imports = [
 flake-inputs.disko.nixosModules.disko
- ../../networks/work.nix
+ ../../networking/work.nix
 ./hardware-configuration.nix
 ./disko.nix
diff --git a/nixos-config/hosts/yui/default.nix b/nixos-config/hosts/yui/default.nix
index f799e1f2..ffa5d479 100644
--- a/nixos-config/hosts/yui/default.nix
+++ b/nixos-config/hosts/yui/default.nix
@@ -15,7 +15,7 @@ in {
 ./games.nix
 ./hardware-configuration.nix
- ../../networks/personal.nix
+ ../../networking/personal.nix
 ./wireguard.nix
 ../../wireguard.nix
 ./nvidia
diff --git a/nixos-config/networking/default.nix b/nixos-config/networking/default.nix
new file mode 100644
index 00000000..739d3644
--- /dev/null
+++ b/nixos-config/networking/default.nix
@@ -0,0 +1,33 @@
+{
+ users.users.tlater.extraGroups = ["networking"];
+
+ networking = {
+ useDHCP = false;
+ networkmanager.enable = true;
+ };
+
+ services.unbound = {
+ enable = true;
+
+ settings = {
+ server = {
+ qname-minimisation = true;
+ };
+
+ forward-zone = [
+ {
+ # ProtonVPN DNS, if available
+ name = ".";
+ forward-addr = "10.2.0.1";
+ }
+ {
+ # Cloudflare backup
+ name = ".";
+ forward-addr = "1.1.1.1";
+ }
+ ];
+ };
+
+ localControlSocketPath = "/run/unbound/unbound.ctl";
+ };
+}
diff --git a/nixos-config/networks/personal.nix b/nixos-config/networking/personal.nix
similarity index 100%
rename from nixos-config/networks/personal.nix
rename to nixos-config/networking/personal.nix
diff --git a/nixos-config/networks/work.nix b/nixos-config/networking/work.nix
similarity index 100%
rename from nixos-config/networks/work.nix
rename to nixos-config/networking/work.nix
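Review bot: In `services.unbound.settings` of the new `nixos-config/networking/default.nix`, both `forward-zone` entries use `name = "."`; Unbound keeps one forward zone per name and, as far as I know, logs the second as a duplicate and ignores it, so the Cloudflare entry would not act as a backup. The supported way to give one zone several upstreams is a single entry with a list, `forward-addr = ["10.2.0.1" "1.1.1.1"];`, but Unbound chooses among listed forwarders by measured response time rather than list order, so some queries would go to 1.1.1.1 unencrypted and outside the VPN even while 10.2.0.1 is reachable. `forward-tls-upstream` applies to the whole zone, so it cannot protect only the fallback address. Decide which behaviour is wanted and record it in a comment on the zone, e.g. `# DNS may leave the VPN tunnel in plaintext when 10.2.0.1 is unreachable`, or drop the public fallback if leaking queries is not acceptable.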