Added resolvectl + own DNS

This commit is contained in:
2026-01-16 16:39:06 +02:00
parent db5fce9c57
commit ca2047da42
4 changed files with 56 additions and 17 deletions

flake.lock generated

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1768127708, "lastModified": 1768305791,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github" "type": "github"
}, },
"original": { "original": {


@@ -8,6 +8,7 @@
./syncthing.nix ./syncthing.nix
./packages.nix ./packages.nix
./wireguard.nix ./wireguard.nix
./prometheus-node-exporter.nix
#./remotebuild_user.nix #./remotebuild_user.nix
# DE # DE
../../modules/de/multiple-dms.nix ../../modules/de/multiple-dms.nix
@@ -27,5 +28,10 @@
networking.hostName = "puter"; networking.hostName = "puter";
# This will be overridden by system/default.nix # This will be overridden by system/default.nix
system.stateVersion = "24.05"; system.stateVersion = "24.05";
security.pki.certificates = ["/home/user/.config/bigbox.local.crt"]; networking.resolved = {
enable = true;
dns = ["dns.mycloudhaus.xyz"];
dnsOvertTls = true;
dnssec = true;
};
} }
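Review bot: The `networking.resolved` block added in the second hunk (page lines 40–45) does not look like a NixOS option path: resolved is configured under `services.resolved`, its `dnssec` and `dnsovertls` options are lower-case string enums ("true"/"allow-downgrade"/"false" and "true"/"opportunistic"/"false"), there is no `dns` attribute (upstream servers come from `networking.nameservers`), and `dnsOvertTls` is also misspelled, so I would expect evaluation to fail rather than silently build a host without DoT. Independently, systemd-resolved's `DNS=` setting expects an IP address — a bare hostname like `dns.mycloudhaus.xyz` cannot be looked up before DNS is configured — and for strict DNS-over-TLS the name should be supplied as `address#name`, which is what makes resolved send SNI and check the server certificate against that name; without it the connection is encrypted but the certificate is not tied to the expected resolver. The enclosing attribute set opens before the hunk.
```nix
  # resolved lives under services.*; its flag options are string enums, not booleans
  services.resolved = {
    enable = true;
    dnssec = "true";
    dnsovertls = "true";
  };
  # IP of the resolver plus "#name" so the DoT certificate is validated and SNI is sent
  # (<DNS_SERVER_IP> is a placeholder — fill in the real address)
  networking.nameservers = ["<DNS_SERVER_IP>#dns.mycloudhaus.xyz"];
```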


@@ -0,0 +1,27 @@
{
config,
pkgs,
...
}: {
# https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
services.prometheus.exporters.node = {
enable = true;
port = 9100;
# For the list of available collectors, run, depending on your install:
# - Flake-based: nix run nixpkgs#prometheus-node-exporter -- --help
# - Classic: nix-shell -p prometheus-node-exporter --run "node_exporter --help"
enabledCollectors = [
"ethtool"
"softirqs"
"systemd"
"tcpstat"
"wifi"
];
# You can pass extra options to the exporter using `extraFlags`, e.g.
# to configure collectors or disable those enabled by default.
# Enabling a collector is also possible using "--collector.[name]",
# but is otherwise equivalent to using `enabledCollectors` above.
# extraFlags = [ "--collector.ntp.protocol-version=4" "--no-collector.mdadm" ];
};
}
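Review bot: `services.prometheus.exporters.node` on line 58 is enabled with only `port = 9100` set, so the exporter keeps the module's default listen address and accepts connections on every interface, while the firewall rule in wireguard.nix in this same commit suggests the intent is to scrape it over the WireGuard tunnel only. Pinning the bind address to the tunnel address declared there, `listenAddress = "10.0.0.3";`, keeps host metrics (systemd unit names, network and wifi statistics) off the LAN even if the firewall rules drift later. The `config` and `pkgs` arguments on lines 52–53 are unused in this file and the header could be reduced to `{...}: {`.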


@@ -3,18 +3,24 @@
pkgs, pkgs,
... ...
}: { }: {
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
wg0 = { wg0 = {
ips = [ "10.0.0.3/32" ]; ips = ["10.0.0.3/32"];
listenPort = 5553; listenPort = 5553;
privateKeyFile = "/etc/wireguard/wg0.key"; privateKeyFile = "/etc/wireguard/wg0.key";
peers = [ peers = [
{ # cloudhaus {
publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI="; # cloudhaus
allowedIPs = [ "10.0.0.1/32"]; publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
endpoint = "46.62.255.194:51820"; allowedIPs = ["10.0.0.1/32"];
persistentKeepalive = 25; endpoint = "46.62.255.194:51820";
}]; persistentKeepalive = 25;
}; }
];
}; };
};
networking.firewall.allowedTCPPorts = [9100];
networking.firewall.interfaces = {
wg0.allowedTCPPorts = [9100];
};
} }
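Review bot: `networking.firewall.allowedTCPPorts = [9100];` on line 101 opens the node-exporter port on every interface, which makes the per-interface rule `wg0.allowedTCPPorts = [9100];` on line 103 redundant and exposes host metrics to whatever network the machine happens to be on. If scraping is meant to happen only through the tunnel, drop line 101 and keep just the `networking.firewall.interfaces.wg0` rule; a short comment such as `# exporter is reachable from WireGuard peers only` next to it would record the intent.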