Added resolvectl + own DNS

2026-01-16 16:39:06 +02:00
parent db5fce9c57
commit ca2047da42
4 changed files with 56 additions and 17 deletions
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@@ -8,6 +8,7 @@
    ./syncthing.nix
    ./packages.nix
    ./wireguard.nix
+    ./prometheus-node-exporter.nix
    #./remotebuild_user.nix
    # DE
    ../../modules/de/multiple-dms.nix
@@ -27,5 +28,10 @@
  networking.hostName = "puter";
  # This will be overridden by system/default.nix
  system.stateVersion = "24.05";
-  security.pki.certificates = ["/home/user/.config/bigbox.local.crt"];
+  networking.resolved = {
+    enable = true;
+    dns = ["dns.mycloudhaus.xyz"];
+    dnsOvertTls = true;
+    dnssec = true;
+  };
 }
--- a/hosts/puter/prometheus-node-exporter.nix
+++ b/hosts/puter/prometheus-node-exporter.nix
@@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9100;
+    # For the list of available collectors, run, depending on your install:
+    # - Flake-based: nix run nixpkgs#prometheus-node-exporter -- --help
+    # - Classic: nix-shell -p prometheus-node-exporter --run "node_exporter --help"
+    enabledCollectors = [
+      "ethtool"
+      "softirqs"
+      "systemd"
+      "tcpstat"
+      "wifi"
+    ];
+    # You can pass extra options to the exporter using `extraFlags`, e.g.
+    # to configure collectors or disable those enabled by default.
+    # Enabling a collector is also possible using "--collector.[name]",
+    # but is otherwise equivalent to using `enabledCollectors` above.
+    # extraFlags = [ "--collector.ntp.protocol-version=4" "--no-collector.mdadm" ];
+  };
+}
--- a/hosts/puter/wireguard.nix
+++ b/hosts/puter/wireguard.nix
@@ -3,18 +3,24 @@
  pkgs,
  ...
 }: {
-    networking.wireguard.interfaces = {
-      wg0 = {
-              ips = [ "10.0.0.3/32" ];
-              listenPort = 5553;
-              privateKeyFile = "/etc/wireguard/wg0.key";
-              peers = [
-              { # cloudhaus
-               publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
-               allowedIPs = [ "10.0.0.1/32"];
-               endpoint = "46.62.255.194:51820";
-               persistentKeepalive = 25;
-              }];
-      };
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = ["10.0.0.3/32"];
+      listenPort = 5553;
+      privateKeyFile = "/etc/wireguard/wg0.key";
+      peers = [
+        {
+          # cloudhaus
+          publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
+          allowedIPs = ["10.0.0.1/32"];
+          endpoint = "46.62.255.194:51820";
+          persistentKeepalive = 25;
+        }
+      ];
    };
+  };
+  networking.firewall.allowedTCPPorts = [9100];
+  networking.firewall.interfaces = {
+    wg0.allowedTCPPorts = [9100];
+  };
 }