From 409e1332f824fcc5cd6681dfbe22197be0d37707 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Sat, 10 Jun 2023 20:48:07 +0200 Subject: [PATCH] Updates --- .../argon/adguardhome-sync/environment.age | Bin 0 -> 709 bytes agenix/hosts/argon/config.nix | 4 ++ flake.lock | 30 ++++---- hardware/hosts/argon.nix | 1 + home/hosts/Styx.nix | 1 + home/programs/nvim/plugins.nix | 66 +++++++++--------- home/programs/ssh/Styx.nix | 2 +- secret/hosts/argon.nix | Bin 181 -> 265 bytes secret/hosts/attic.nix | Bin 600 -> 729 bytes secret/hosts/mediaserver.nix | Bin 189 -> 453 bytes secrets.nix | 2 + system/hosts/argon.nix | 14 ++++ system/hosts/mediaserver.nix | 2 + system/nixos/adguardhome-sync.nix | 18 +++++ system/nixos/adguardhome.nix | 6 +- system/nixos/home-proxy.nix | 12 +++- 16 files changed, 106 insertions(+), 52 deletions(-) create mode 100644 agenix/hosts/argon/adguardhome-sync/environment.age create mode 100644 system/nixos/adguardhome-sync.nix diff --git a/agenix/hosts/argon/adguardhome-sync/environment.age b/agenix/hosts/argon/adguardhome-sync/environment.age new file mode 100644 index 0000000000000000000000000000000000000000..e19a62346827359f0b3f89ced691381260f3511c GIT binary patch literal 709 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlEpaa}OIOe@a1Sgh zG|x+Pv8*t+O!n~654Q~WHLi@x^e+sGOs#OKstEBj&(rpBvEa%KbvDfjPIt7(bIVUN z4KB?zG4U~SEB5z{FmWt32`UT>&o8n_wFq?d$ws%$FfG|9G*F?!$J;HjDl#m{$->Od zBsbEdBFeDB%q_dpBh$$|#3ITwDKS6AAl1buJe|um-J~)pFvldLJR&$O*QwGu%qiEa z)Wgs`FxAA=BHukdu(&MJ&o?hH!x3bgpK4^SZhBE_VsR>$N3nKErF*ekrdwHPW=2*{ zgke^8wokHUu8&)KL7-`2h)=qEPNA2xzlX20n`54(zh!Pnsa*}(ce?eqkv8zw8OJQD!Teg{xwt2RRVPzE1UR_;<0wdoHk3!doEcZ%h zKNtPLU_;A9M`vxIDZz_6{_;D8Nwf&t+ z>#B>(6&9C0Gv}$P|5mzjTfS9H=jrH%s(|)-$7|14Zr{)oRr+)GBX`D{jgL2VEnT!^ z#YXWDeqSnBw4Tf4O%=)0FWAz(uZAPZ=#NES#HnKEuWg#Y+kbW6^|{B(zo@3;fA`E& zDwY+EnV;5d%DL;1%sErH#*d|)-=2AWOPICa zb+MSZg2bf-LT~5h1k3G6l5nbw^7{LrKf#mf`awyfYcUd&I@Y3tI n=WNTicK1D%P`I@IkeJ_>ErOc0Gfci-t-ZW3SUv6no6a8qs6iS6 literal 0 HcmV?d00001 
diff --git a/agenix/hosts/argon/config.nix b/agenix/hosts/argon/config.nix index cd72e45..35b5ef2 100644 --- a/agenix/hosts/argon/config.nix +++ b/agenix/hosts/argon/config.nix @@ -14,6 +14,10 @@ file = ./tailscale/authkey.age; }; + adguardhome-sync-environment = { + file = ./adguardhome-sync/environment.age; + }; + weewx-proxy-environment = { file = ./weewx-proxy/environment.age; }; diff --git a/flake.lock b/flake.lock index 07fda0f..caade03 100644 --- a/flake.lock +++ b/flake.lock @@ -110,11 +110,11 @@ ] }, "locked": { - "lastModified": 1685559570, - "narHash": "sha256-MNIQvLRoq92isMLR/ordKNCl+aXNiuwBM4QyqmS8d00=", + "lastModified": 1686307493, + "narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4338bc869e9874d54a4c89539af72f16666b2abe", + "rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f", "type": "github" }, "original": { @@ -253,11 +253,11 @@ ] }, "locked": { - "lastModified": 1686142265, - "narHash": "sha256-IP0xPa0VYqxCzpqZsg3iYGXarUF+4r2zpkhwdHy9WsM=", + "lastModified": 1686391840, + "narHash": "sha256-5S0APl6Mfm6a37taHwvuf11UHnAX0+PnoWQbsYbMUnc=", "owner": "nix-community", "repo": "home-manager", - "rev": "39c7d0a97a77d3f31953941767a0822c94dc01f5", + "rev": "0144ac418ef633bfc9dbd89b8c199ad3a617c59f", "type": "github" }, "original": { @@ -276,11 +276,11 @@ }, "locked": { "dir": "contrib", - "lastModified": 1686106284, - "narHash": "sha256-UsJTmzpM6gtQDo4QnMNjCNSQSlqlRoUWwH8JL4ZLRxw=", + "lastModified": 1686365071, + "narHash": "sha256-6yybShpkWPJv8byx7lF1q55uzsnKX1/z0A2Xb74y3I4=", "owner": "neovim", "repo": "neovim", - "rev": "a217675a67233ca2032cd668e919858d2aed92e7", + "rev": "b6d2f49b4536f89cf2428d1f214468aa5fb21788", "type": "github" }, "original": { 
@@ -301,11 +301,11 @@ "weewx-proxy-flake": "weewx-proxy-flake" }, "locked": { - "lastModified": 1686126028, - "narHash": "sha256-qZcjDerxaAejZWOKIZ/BRzlO6Dk3kSAcGScImAjHKuo=", + "lastModified": 1686385112, + "narHash": "sha256-6hH97tMLpMmiv5+5I3fsNDYsbElqgjQ0mJ8K2N7Q4VA=", "owner": "nifoc", "repo": "nix-overlay", - "rev": "34792fe066ac58e2441ffc6c854ef6c809c3d91d", + "rev": "6964b80444fb9574596a90cc5444f87acad037af", "type": "github" }, "original": { @@ -316,11 +316,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1684899633, - "narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=", + "lastModified": 1686396027, + "narHash": "sha256-gE+csxJoXuNn5ZnlgNj0GnMQ2y4heBtDqkB1af8vfjU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4cc688ee711159b9bcb5a367be44007934e1a49d", + "rev": "70d5f55faee9c1e141e32e6be1e77d13e5a570db", "type": "github" }, "original": { diff --git a/hardware/hosts/argon.nix b/hardware/hosts/argon.nix index 6e86b41..c84320c 100644 --- a/hardware/hosts/argon.nix +++ b/hardware/hosts/argon.nix @@ -12,6 +12,7 @@ "net.ipv4.tcp_syncookies" = 0; "net.ipv4.tcp_timestamps" = 1; "net.ipv4.tcp_window_scaling" = 1; + "net.core.rmem_max" = 2500000; }; }; diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix index 763c643..3cf92f6 100644 --- a/home/hosts/Styx.nix +++ b/home/hosts/Styx.nix @@ -49,6 +49,7 @@ args@{ pkgs, config, lib, ... }: curlHTTP3 dasel deploy-rs + dig exa exiftool fd diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index 806f248..d23fe27 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix 
@@ -19,12 +19,12 @@ in }; plenary-nvim = buildVimPluginFrom2Nix { pname = "plenary.nvim"; - version = "2023-05-31"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "nvim-lua"; repo = "plenary.nvim"; - rev = "499e0743cf5e8075cd32af68baa3946a1c76adf1"; - sha256 = "0r9aw3a53vzq0rdyvq7pi99pqbmnww0dm146pbj2kd33rb34daz6"; + rev = "36aaceb6e93addd20b1b18f94d86aecc552f30c4"; + sha256 = "0r0z27kwpgd8ladjj86h9gmyq2mxcwbiaj3a6mi1bz2dwxqiddxb"; fetchSubmodules = false; }; }; @@ -107,12 +107,12 @@ in }; nvim-treesitter = buildVimPluginFrom2Nix { pname = "nvim-treesitter"; - version = "2023-06-07"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "46ddea9deccb0608df416822228786d1a5a2b7d1"; - sha256 = "17rlv3gqh9glskr3ncnvwa6pgk6iansdl6b2fjyrk3zw5kj99gak"; + rev = "f9d701176cb9a3e206a4c690920a8993630c3ec8"; + sha256 = "08zc1irs12clw8fy140j4lk9m4wfjmmmm64dw915gyl0l6r9g0rb"; fetchSubmodules = false; }; }; @@ -140,12 +140,12 @@ in }; telescope-nvim = buildVimPluginFrom2Nix { pname = "telescope.nvim"; - version = "2023-06-07"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "nvim-telescope"; repo = "telescope.nvim"; - rev = "be49680937e821e4d8522329727e50734fdb9b97"; - sha256 = "15bq92f9vvqhzhr6djm8r0vybsm0z030xp5wpf904kir1svpwdgb"; + rev = "116dbea5800c908de4afa6e793f28f782621c65d"; + sha256 = "1scp1pr8innnpk35wz9rq9npkha5j3hacpggrbafy0madvs92x60"; fetchSubmodules = false; }; }; 
@@ -220,23 +220,23 @@ in }; nvim-lspconfig = buildVimPluginFrom2Nix { pname = "nvim-lspconfig"; - version = "2023-06-07"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "neovim"; repo = "nvim-lspconfig"; - rev = "1028360e0f2f724d93e876df3d22f63c1acd6ff9"; - sha256 = "17n18dkhd39vkbqx0hxgg6zf1yq1052rlnxpqj0x5p7s0zxwqhmr"; + rev = "08f1f347c718e945c3b1712ebb68c6834182cf3a"; + sha256 = "0kqxbyb5hg6r4rv79bxjj8dvm3440137xxppp2a5idxi8sisdqad"; fetchSubmodules = false; }; }; nvim-jdtls = buildVimPluginFrom2Nix { pname = "nvim-jdtls"; - version = "2023-06-02"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "mfussenegger"; repo = "nvim-jdtls"; - rev = "8597d57fb40d4ad503cf3acb2fdcfe1b0d8a193d"; - sha256 = "1s7xnl8rsav4237mzh37q4qflhbfb2sq7vasdfgzx4mgad2x6kx5"; + rev = "dbb8a403e90302bd5611da91975d37a0a26e1473"; + sha256 = "11pfy4w67170fc32fhcyjr8lnw1g9yxrvsp9y676rfbp8imh1sf4"; fetchSubmodules = false; }; }; @@ -308,23 +308,23 @@ in }; friendly-snippets = buildVimPluginFrom2Nix { pname = "friendly-snippets"; - version = "2023-06-06"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "rafamadriz"; repo = "friendly-snippets"; - rev = "b471f5419155ce832eff71ad8920ea8cfbd54840"; - sha256 = "14yjacmzryd8mkbi7dkacq0zqc8r52dipdsjyzak45pqacc4wzvs"; + rev = "b71d1ddc30a10ce0474156f7ee93bc9006d0cd74"; + sha256 = "0jxj57996c4ab54p0zd4h5ldkz9yad1jy0ylzikfq8ylvw7z4p31"; fetchSubmodules = false; }; }; nvim-cmp = buildVimPluginFrom2Nix { pname = "nvim-cmp"; - version = "2023-05-30"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "hrsh7th"; repo = "nvim-cmp"; - rev = "fc0f694af1a742ada77e5b1c91ff405c746f4a26"; - sha256 = "1vmsa4vrx7nsrq2kzh8pyjfssfhb9b7xy7qqcyja4g0xp9z9z077"; + rev = "69e7d280cbe17e318b549a10ae3cae5810946be6"; + sha256 = "119cfn70bb5bbfaq9rfc51dms64qfzzkn6aknj4lnd2dx1r56k00"; fetchSubmodules = false; }; }; 
@@ -396,12 +396,12 @@ in }; cmp-cmdline = buildVimPluginFrom2Nix { pname = "cmp-cmdline"; - version = "2023-04-24"; + version = "2023-06-08"; src = fetchFromGitHub { owner = "hrsh7th"; repo = "cmp-cmdline"; - rev = "5af1bb7d722ef8a96658f01d6eb219c4cf746b32"; - sha256 = "02xpxdbjvic4l2s4fmhiy38igvvg0mdpi6hr49kvnibx1dyzhx5k"; + rev = "8ee981b4a91f536f52add291594e89fb6645e451"; + sha256 = "03j79ncxnnpilx17x70my7s8vvc4w81kipraq29g4vp32dggzjsv"; fetchSubmodules = false; }; }; @@ -462,12 +462,12 @@ in }; nvim-treesitter-textobjects = buildVimPluginFrom2Nix { pname = "nvim-treesitter-textobjects"; - version = "2023-06-02"; + version = "2023-06-08"; src = fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter-textobjects"; - rev = "23e883b99228f8d438254e5ef8c897e5e60e75d1"; - sha256 = "1xjwah0g96mjv01lhd7yfml2gd15syhj2axbvid9xk4yn4m6hks8"; + rev = "2d6d3c7e49a24f6ffbbf7898241fefe9784f61bd"; + sha256 = "1mlx0hkx42al578ilwsj4547rqny85x089is189hdic287yw59gp"; fetchSubmodules = false; }; }; @@ -550,12 +550,12 @@ in }; nui-nvim = buildVimPluginFrom2Nix { pname = "nui.nvim"; - version = "2023-06-04"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "MunifTanjim"; repo = "nui.nvim"; - rev = "d5a82aae64426a805e19d8ef5a379292f9dc55d3"; - sha256 = "14mnskwvzsva5pxh909xgrzg1cy7r4459f0g85dkqr8z4c9yajic"; + rev = "64bdc579873fa5bd303f6951ead2b419493c88e8"; + sha256 = "1hffqk9vz6lw6jrixqy9sxj1wv2z7cbj08ykccyfym2zpij40gx6"; fetchSubmodules = false; }; }; @@ -572,12 +572,12 @@ in }; noice-nvim = buildVimPluginFrom2Nix { pname = "noice.nvim"; - version = "2023-06-06"; + version = "2023-06-10"; src = fetchFromGitHub { owner = "folke"; repo = "noice.nvim"; - rev = "acf47e2b863eb20f177aa1bd5398041513e731e1"; - sha256 = "1w4vzkashi7yqkzgb9cdq7nv27ibkw94ih041jf36k9axmlffqbr"; + rev = "a070cb87a180fd7e2c4387accff0be90268fb736"; + sha256 = "0838s3vqp2f6g8q7dwd4ga0m4qr8kj02snbrxd6xz4zzzaz1hlbq"; fetchSubmodules = false; }; }; 
diff --git a/home/programs/ssh/Styx.nix b/home/programs/ssh/Styx.nix index ce64c8f..1b2b907 100644 --- a/home/programs/ssh/Styx.nix +++ b/home/programs/ssh/Styx.nix @@ -26,7 +26,7 @@ in extraConfig = '' IdentityAgent "${auth-socket}" UpdateHostKeys ask - VerifyHostKeyDNS yes + # VerifyHostKeyDNS yes ''; matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks; diff --git a/secret/hosts/argon.nix b/secret/hosts/argon.nix index 786124e3c846a9926eab03a656fe215c2dfeeee7..a58a4c170a78193b3ef41acb4d2bf5086a354261 100644 GIT binary patch literal 265 zcmV+k0rvg?M@dveQdv+`0J0P?VuUy(05C1GMHB}s+?^Sb&vA2*Vz7(ABKZRits} zn;d?xWB3V3L51Oxm@5L+aS+!e_kxV*U~MMvc|6)Y4GOi(iF5^ofDu%`QZA(gL03i` z+(FuM?QA8Dm^=v2MOk|)lJ#`er9vy+@=*mTGG|FLgbfm~2 zogf}U$h-FuVjfd4w9vqPGnoUL{#&pgl8C zES0lP5*~9c9 zt~(0fH;F2fv6Q)@>&^q~X#wtmClM#>V+-^IT_@A*b@IY~)_T_nzJklTWEKroV`!ym j58UlX95@o&2;T6__wy=vmbYvr6ol5cgPY9JiC(PWZfaY% 
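Review bot: The commented-out `# VerifyHostKeyDNS yes` in `extraConfig` leaves no record of why SSHFP checking was turned off or when it should come back. With the option unset, OpenSSH uses its default of `no`, so host keys are checked only against known_hosts and a first connection depends on confirming the fingerprint by hand. I would either delete the line or keep it with a reason attached, e.g. `# VerifyHostKeyDNS yes  # disabled: <reason>; re-enable once SSHFP lookups validate again`.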
diff --git a/secret/hosts/attic.nix b/secret/hosts/attic.nix index 65eafbed3c58640dba73c4fc3f7c39e2c1b64195..2a75e72e79f1ae2d61c97bc9a32b2b38c692d0db 100644 GIT binary patch literal 729 zcmV;~0w(L-KU0sQ!8MP*XE5@#)wPn#XlD^=iY{eV5!*_Z3hu?tP-gIimI40=l7h* zOe)J1Npm~%2jyIpQPl@O)vrHUk<@)7W%XVw9twY=3AQ`7K#9rU{AeH1h43his0+ z8Q=>CymGsFX^`+9zO)k6ULgog9OqB^C2 zZE!iwnVY(0n`8}FcPQ;is2HIF9`V)ll`^R2g literal 600 zcmV-e0;l}|M@dveQdv+`06^u^Bj;(}$N1qtbL*^3dz6|_WA)3%9{HwB6-ma!XM%7> zf5Pq5AJt*(ve5-(;f7~2rvk!PkLcmaDWhtNAGE-7IF$mK+t4F^`2iF%HZ4Usx^r`2 zbB%Ut+)GR2VD+vVzv_A(V~7ug9|UmCSD3|2GKB5)GzeeEa8=L#vFN~p|GHAopgc9; z!*rH}ibX45_UuV)8%$iP{XH8tfXw^~;kw8bCTXC!!du)u@lA>6%2Dbi>FlZy`Mo|Q zlusH?5Hh*NAEPckN;oQ44RT|guK0|#8WC|eUU^{1qV$Pyp2)UM4pUhO>hQEBKOA?Y zj%%A$sqO2xgLSTWQ2@PeCPb@;|7c52c@#a{=?(cn2Qd-VYnnhG#4Qh3paFSew0rEWw+{c0r7A{Qac&$>A| ziOJ_J-f<<~dSmxGLmVk=dpP7!kE#u|#@Jnz9dEt_(@$jX%v7z5$h623?so?$YI)Kz zAN^H}x@OM9nA9mP$b8NZ-bX!clr(mn9S$HB)Q|a8T4@fHK-0fh^x|Oxk}8Wzn3T*% z@NZOrb~JZt+ZK(bMH8x#7Wh1MC_gtBqXRxTs4wCS*{n9KPLRbd=FmVQ82THJSlOCy m_WokBeaO{~+DB$+k$tN@H#xQ!ipZ`jMVr4GwCXZEluY?(cOs7f diff --git a/secret/hosts/mediaserver.nix b/secret/hosts/mediaserver.nix index 05ae022c230a94180825b3dd9f0ed644f3f50d79..ec150ea802d87fdaf1b351409b6e8f0d2806e98a 100644 GIT binary patch literal 453 zcmV;$0XqHwM@dveQdv+`027ta{Zs2Mzoig@r~G!~e8<2D#eYJzBsq%OqvG+iPtq8+ zwg^ng;;E~v+tLZ#_SKRyW-X;0wj)hi^~MXNVSl>zL-UNlW>>trltX=m)fERi3)_rM z6$%+=&WYeR<=bVrPrpm0V^F71)luRIt?+I9>+|U2C69Y*g(x3ccjrM*)#~d5(WZ2t z0(}LtzUGV~^G8%hTyu%$RahQ}Gu8?Ft%teKPn?ba@fBDG;!Jhha=1x+hOfj{PUY_3m?lK2m56RRU7qo6D&~;Y2RC_De>(Fx1OMrwt!0Wrv?G6Up(tPFFn5m zG?#RdV;$IIt&>vk@`O*bj!nYcce+Fev`7N(_o6ip3M;dm+MCoxVqc%iU$dZ_7-lOr z^?Ta302wQ2rxq6@>LZ`p+_N1PWMz()Ky$1KZIlPIXB92g)t+u&GoFyoeQus{1 rdD_ZptF~&=EQge|$wgQj`HLsM&tlg|>%X-7sstc4P}&IYDq%vPMUh<& diff --git a/secrets.nix b/secrets.nix index 3f23e28..95c17a8 100644 --- a/secrets.nix +++ b/secrets.nix 
@@ -81,5 +81,7 @@ in "agenix/hosts/argon/tailscale/authkey.age".publicKeys = argon; + "agenix/hosts/argon/adguardhome-sync/environment.age".publicKeys = argon; + "agenix/hosts/argon/weewx-proxy/environment.age".publicKeys = argon; } diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix index 82c1957..5162b89 100644 --- a/system/hosts/argon.nix +++ b/system/hosts/argon.nix @@ -24,6 +24,9 @@ in ../nixos/tailscale.nix ../nixos/weewx-proxy.nix + + ../nixos/container.nix + ../nixos/adguardhome-sync.nix ]; system.stateVersion = "22.11"; @@ -77,6 +80,17 @@ in useNetworkd = true; }; + environment.etc."resolv.conf".text = lib.mkForce '' + nameserver 127.0.0.1 + nameserver 10.0.0.110 + options edns0 trust-ad + search . + ''; + + services.resolved.extraConfig = '' + DNSStubListener=no + ''; + systemd.network = { enable = true; diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix index 47b2ded..2702c53 100644 --- a/system/hosts/mediaserver.nix +++ b/system/hosts/mediaserver.nix @@ -16,6 +16,8 @@ in ../nixos/acme-mediaserver.nix ../nixos/nginx.nix + (import ../nixos/adguardhome.nix (args // { inherit secret; })) + ../nixos/attic.nix ../nixos/bdfr-browser.nix diff --git a/system/nixos/adguardhome-sync.nix b/system/nixos/adguardhome-sync.nix new file mode 100644 index 0000000..2dc3602 --- /dev/null +++ b/system/nixos/adguardhome-sync.nix @@ -0,0 +1,18 @@ +{ config, ... }: + +{ + virtualisation.oci-containers.containers.adguardhome-sync = { + image = "ghcr.io/bakito/adguardhome-sync"; + cmd = [ "run" ]; + environmentFiles = [ config.age.secrets.adguardhome-sync-environment.path ]; + extraOptions = [ + "--label=com.centurylinklabs.watchtower.enable=true" + "--label=io.containers.autoupdate=registry" + ]; + }; + + networking.firewall.interfaces."podman+" = { + allowedUDPPorts = [ 443 ]; + allowedTCPPorts = [ 443 ]; + }; +} diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix index 18d73db..eb2e0b7 100644 
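Review bot: `options edns0 trust-ad` in the forced `resolv.conf` applies to every listed nameserver, including `10.0.0.110`, which is reached over the network rather than loopback. glibc then passes that server's AD bit through to applications as if DNSSEC had been validated locally, although nothing authenticates the path to it. If no local consumer relies on the AD bit, `options edns0` is enough; otherwise keep `trust-ad` only while `127.0.0.1` is the sole nameserver. A short comment on why `DNSStubListener=no` is needed (presumably so another local service can bind port 53) would also help.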
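Review bot: `image = "ghcr.io/bakito/adguardhome-sync"` in the new `adguardhome-sync.nix` carries no tag or digest, and the two auto-update labels let whatever the registry serves under the default tag replace the running container. That container is handed `config.age.secrets.adguardhome-sync-environment.path`, so an unexpected image would run with those credentials. Pinning the reference, e.g. `image = "ghcr.io/bakito/adguardhome-sync:<version>@sha256:<digest>";` (placeholders), and bumping it through the repository keeps each change reviewable. Separately, the `podman+` firewall rule opens 443/tcp and 443/udp from every podman network to the host; a comment naming the host service the container needs would make the scope of that rule clear.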
--- a/system/nixos/adguardhome.nix +++ b/system/nixos/adguardhome.nix @@ -18,7 +18,7 @@ debug_pprof = false; dns = { - bind_hosts = [ "127.0.0.1" "10.0.0.5" ]; + bind_hosts = secret.adguardhome.bind_hosts; port = 53; bootstrap_dns = [ @@ -54,7 +54,9 @@ }) (builtins.filter builtins.isString interfaces)); - services.nginx.virtualHosts."agh.internal.kempkens.network" = { + virtualisation.podman.defaultNetwork.settings.dns_enabled = lib.mkForce secret.adguardhome.podmanDNS; + + services.nginx.virtualHosts."${secret.adguardhome.domain_prefix}.internal.kempkens.network" = { serverAliases = [ "dns.internal.kempkens.network" ]; listen = [ diff --git a/system/nixos/home-proxy.nix b/system/nixos/home-proxy.nix index d5e605e..17e85f9 100644 --- a/system/nixos/home-proxy.nix +++ b/system/nixos/home-proxy.nix @@ -22,8 +22,18 @@ upstreams.dns = { servers = { - "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { }; + "${secret.nginx.upstream.dns.primary.hostname}:${builtins.toString secret.nginx.upstream.dns.primary.upstreamPort}" = { + fail_timeout = "5s"; + }; + + "${secret.nginx.upstream.dns.secondary.hostname}:${builtins.toString secret.nginx.upstream.dns.secondary.upstreamPort}" = { + backup = true; + }; }; + + extraConfig = '' + keepalive 8; + ''; }; virtualHosts."${secret.nginx.upstream.dns.fqdn}" = {
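Review bot: `lib.mkForce` on the new `dns_enabled` line is the only use of `lib` visible in this file's hunks, and the module's argument list is outside them, so it is worth confirming that `lib` is bound there and that the `args // { inherit secret; }` set passed from `mediaserver.nix` carries it. Moving `bind_hosts`, `podmanDNS` and `domain_prefix` into `secret` (the `secret/hosts/*.nix` files appear only as binary blobs in this patch) also means the addresses AdGuard Home listens on can no longer be reviewed from the repository. A comment above the line, such as `# podman's network DNS would compete with AdGuard Home for port 53 on this host` if that is the reason, would explain the `mkForce`.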
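Review bot: `keepalive 8;` in the `upstreams.dns` `extraConfig` of `home-proxy.nix` only takes effect for HTTP proxying when the location using this upstream speaks HTTP/1.1 and clears the `Connection` header. That location is outside the hunk, so please confirm it sets `proxy_http_version 1.1;` and `proxy_set_header Connection "";`. Also, `fail_timeout = "5s"` without `max_fails` keeps nginx's default of one failure, so a single failed request shifts traffic to the `backup` server for five seconds; if the secondary applies a different filtering policy, clients get that policy during the window.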