diff --git a/agenix/hosts/argon/adguardhome-sync/environment.age b/agenix/hosts/argon/adguardhome-sync/environment.age
index 47dffa0..5cc1c0b 100644
Binary files a/agenix/hosts/argon/adguardhome-sync/environment.age and b/agenix/hosts/argon/adguardhome-sync/environment.age differ
diff --git a/agenix/hosts/tanker/headscale/acls.age b/agenix/hosts/tanker/headscale/acls.age
index e43ee99..d9e2500 100644
Binary files a/agenix/hosts/tanker/headscale/acls.age and b/agenix/hosts/tanker/headscale/acls.age differ
diff --git a/home/config/direnv/direnvrc b/home/config/direnv/direnvrc
index d97e4a2..5057db5 100644
--- a/home/config/direnv/direnvrc
+++ b/home/config/direnv/direnvrc
@@ -11,7 +11,7 @@ project() {
 # Languages
 project_erlang() {
- export ERL_AFLAGS="-kernel shell_history enabled"
+ export ERL_AFLAGS="-kernel shell_history enabled -kernel shell_history_path '\"$(direnv_layout_dir)/erl_history\"'"
 export REBAR_CACHE_DIR=$(direnv_layout_dir)/rebar
 export REBAR_GLOBAL_CONFIG_DIR=$(direnv_layout_dir)/rebar/config
diff --git a/system/hosts/argon.nix b/system/hosts/argon.nix
index 2c92012..7f1d379 100644
--- a/system/hosts/argon.nix
+++ b/system/hosts/argon.nix
@@ -32,7 +32,7 @@ in
 # ../nixos/telegraf.nix
 ../nixos/tailscale.nix
- ../nixos/tailscale-argon.nix
+ ../nixos/tailscale-nodns.nix
 ../nixos/unbound.nix
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index 2257029..a7f18e3 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -26,6 +26,7 @@ in
 ../nixos/ddg.nix
 ../nixos/tailscale.nix
+ ../nixos/tailscale-nodns.nix
 ../nixos/unbound.nix
diff --git a/system/hosts/tanker.nix b/system/hosts/tanker.nix
index 0d20f0a..36327ec 100644
--- a/system/hosts/tanker.nix
+++ b/system/hosts/tanker.nix
@@ -55,6 +55,7 @@ in
 ../nixos/matrix
 ../nixos/tailscale.nix
+ ../nixos/tailscale-nodns.nix
 ../nixos/websites-tanker.nix
diff --git a/system/nixos/adguardhome.nix b/system/nixos/adguardhome.nix
index f2a8d3b..f73f1b4 100644
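Review bot: In home/config/direnv/direnvrc, the new `shell_history_path` places the Erlang shell history under `$(direnv_layout_dir)`, which by default sits inside the project tree, and REPL history can hold pasted credentials or tokens; nothing in the hunk shows that the layout directory is git-ignored, so that is worth confirming. The path is also spliced into a quoted Erlang string, so a project directory whose name contains `'` or `"` would break the `ERL_AFLAGS` quoting. A comment such as `# per-project history under the direnv layout dir; path must not contain quotes` would record both assumptions. The body of project_erlang continues past the end of the hunk.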
--- a/system/nixos/adguardhome.nix
+++ b/system/nixos/adguardhome.nix
@@ -27,6 +27,30 @@
 allow_unencrypted_doh = true;
 strict_sni_check = true;
 };
+
+ dns = {
+ # Based on: https://pkg.go.dev/github.com/Potterli20/golibs-fork/netutil#IsLocallyServed
+ private_networks = [
+ "10.0.0.0/8"
+ "127.0.0.0/8"
+ "169.254.0.0/16"
+ "172.16.0.0/12"
+ "192.0.2.0/24"
+ "192.168.0.0/16"
+ "198.51.100.0/24"
+ "203.0.113.0/24"
+ "255.255.255.255/32"
+
+ "::/128"
+ "::1/128"
+ "2001:db8::/32"
+ "fd00::/8"
+ "fe80::/10"
+
+ "100.64.10.0/24"
+ "fd7a:115c:a1e0:1010::/64"
+ ];
+ };
 };
 # settings = {
diff --git a/system/nixos/headscale.nix b/system/nixos/headscale.nix
index 045c0b4..84eac3b 100644
--- a/system/nixos/headscale.nix
+++ b/system/nixos/headscale.nix
@@ -28,7 +28,7 @@ in
 acl_policy_path = config.age.secrets.headscale-acls.path;
 dns_config = {
- override_local_dns = false;
+ override_local_dns = true;
 nameservers = [
 "100.64.10.1"
diff --git a/system/nixos/tailscale-argon.nix b/system/nixos/tailscale-nodns.nix
similarity index 100%
rename from system/nixos/tailscale-argon.nix
rename to system/nixos/tailscale-nodns.nix
diff --git a/system/nixos/tailscale.nix b/system/nixos/tailscale.nix
index 78b9266..1c2fc5c 100644
--- a/system/nixos/tailscale.nix
+++ b/system/nixos/tailscale.nix
@@ -13,6 +13,7 @@ in
 extraUpFlags = [
 "--login-server" headscale
+ "--stateful-filtering"
 ];
 };
 }
diff --git a/system/nixos/unbound.nix b/system/nixos/unbound.nix
index b3133d1..618e4b4 100644
--- a/system/nixos/unbound.nix
+++ b/system/nixos/unbound.nix
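Review bot: In system/nixos/adguardhome.nix, the last two entries of `private_networks` (`"100.64.10.0/24"` and `"fd7a:115c:a1e0:1010::/64"`) are the only ones that do not come from the linked IsLocallyServed list, and nothing in the hunk marks them as local additions. A comment above them such as `# headscale tailnet prefixes; keep in sync with private-address in unbound.nix` would make that visible, since the same two prefixes are repeated in the unbound.nix hunk of this commit. Setting the option presumably replaces the built-in set rather than extending it, so the copied defaults will not follow upstream changes. The reference URL also points at a fork's package documentation (`Potterli20/golibs-fork`), not at the library AdGuard Home itself builds on.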
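Review bot: In system/nixos/headscale.nix, `override_local_dns = true;` makes every client that accepts tailnet DNS send all of its lookups to the listed nameservers, so the resolver at 100.64.10.1 becomes a hard dependency for name resolution on those nodes and sees all of their queries. The hosts opting out in this commit (argon, mediaserver, tanker) do so through tailscale-nodns.nix, whose content is not visible here because it is a pure rename, so it is worth confirming that it still disables DNS acceptance on the machines that run the resolver. A comment such as `# clients resolve everything via the tailnet resolver; resolver hosts import tailscale-nodns.nix` would document the coupling. The nameservers list continues past the end of the hunk.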
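Review bot: In system/nixos/tailscale.nix, hosts that are already joined to the tailnet will probably not pick up `"--stateful-filtering"`, because as far as I know the NixOS module passes `extraUpFlags` to `tailscale up` only while the node still needs to log in. If the filter is meant to be active on every host, `extraSetFlags = [ "--stateful-filtering" ];` is the option to check, assuming the nixpkgs revision in use provides it. Either way, verifying the effective preference on an existing node after deployment would confirm the hardening took effect. The enclosing attribute set starts above the hunk.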
@@ -24,15 +24,37 @@
 num-threads = 1;
 so-rcvbuf = "1m";
+ unblock-lan-zones = true;
+ insecure-lan-zones = true;
+
 private-address = [
 "192.168.0.0/16"
 "169.254.0.0/16"
 "172.16.0.0/12"
 "10.0.0.0/8"
+ "100.64.10.0/24"
 "fd00::/8"
 "fe80::/10"
+ "fd7a:115c:a1e0:1010::/64"
 ];
 };
+
+ forward-zone = [
+ {
+ name = "10.64.100.in-addr.arpa.";
+ forward-addr = "100.100.100.100";
+ }
+
+ {
+ name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
+ forward-addr = "100.100.100.100";
+ }
+
+ {
+ name = "in-addr.arpa.";
+ forward-addr = "10.0.0.1";
+ }
+ ];
 };
 };
 }
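Review bot: The last `forward-zone` entry, `name = "in-addr.arpa.";`, sends every IPv4 reverse lookup outside `10.64.100.in-addr.arpa.` to 10.0.0.1, public addresses included, so the LAN resolver handles reverse queries for the whole IPv4 space. If only the LAN's own reverse zone is intended, `name = "10.in-addr.arpa.";` would keep the forward scoped (this assumes the LAN lies inside 10.0.0.0/8, which the forwarder address suggests but the hunk does not show). `insecure-lan-zones = true;` also deserves a comment such as `# private reverse zones are not DNSSEC-validated; the forwarders are trusted`, because answers for those zones are accepted unauthenticated from 100.100.100.100 and 10.0.0.1.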