Added resolvectl + own DNS

2026-01-16 16:39:06 +02:00
parent db5fce9c57
commit ca2047da42
4 changed files with 56 additions and 17 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1768127708,
-        "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
+        "lastModified": 1768305791,
+        "narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
+        "rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
        "type": "github"
      },
      "original": {
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@@ -8,6 +8,7 @@
    ./syncthing.nix
    ./packages.nix
    ./wireguard.nix
+    ./prometheus-node-exporter.nix
    #./remotebuild_user.nix
    # DE
    ../../modules/de/multiple-dms.nix
@@ -27,5 +28,10 @@
  networking.hostName = "puter";
  # This will be overridden by system/default.nix
  system.stateVersion = "24.05";
-  security.pki.certificates = ["/home/user/.config/bigbox.local.crt"];
+  networking.resolved = {
+    enable = true;
+    dns = ["dns.mycloudhaus.xyz"];
+    dnsOvertTls = true;
+    dnssec = true;
+  };
 }
--- a/hosts/puter/prometheus-node-exporter.nix
+++ b/hosts/puter/prometheus-node-exporter.nix
@@ -0,0 +1,27 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  # https://nixos.org/manual/nixos/stable/#module-services-prometheus-exporters
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/prometheus/exporters.nix
+  services.prometheus.exporters.node = {
+    enable = true;
+    port = 9100;
+    # For the list of available collectors, run, depending on your install:
+    # - Flake-based: nix run nixpkgs#prometheus-node-exporter -- --help
+    # - Classic: nix-shell -p prometheus-node-exporter --run "node_exporter --help"
+    enabledCollectors = [
+      "ethtool"
+      "softirqs"
+      "systemd"
+      "tcpstat"
+      "wifi"
+    ];
+    # You can pass extra options to the exporter using `extraFlags`, e.g.
+    # to configure collectors or disable those enabled by default.
+    # Enabling a collector is also possible using "--collector.[name]",
+    # but is otherwise equivalent to using `enabledCollectors` above.
+    # extraFlags = [ "--collector.ntp.protocol-version=4" "--no-collector.mdadm" ];
+  };
+}
--- a/hosts/puter/wireguard.nix
+++ b/hosts/puter/wireguard.nix
@@ -5,16 +5,22 @@
 }: {
  networking.wireguard.interfaces = {
    wg0 = {
-              ips = [ "10.0.0.3/32" ];
+      ips = ["10.0.0.3/32"];
      listenPort = 5553;
      privateKeyFile = "/etc/wireguard/wg0.key";
      peers = [
-              { # cloudhaus
+        {
+          # cloudhaus
          publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
-               allowedIPs = [ "10.0.0.1/32"];
+          allowedIPs = ["10.0.0.1/32"];
          endpoint = "46.62.255.194:51820";
          persistentKeepalive = 25;
-              }];
+        }
+      ];
    };
  };
+  networking.firewall.allowedTCPPorts = [9100];
+  networking.firewall.interfaces = {
+    wg0.allowedTCPPorts = [9100];
+  };
 }