From d508543c3c6b1e2d93d0cfa8268eb192311fe2b9 Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Mon, 12 Sep 2022 20:54:59 +0200
Subject: [PATCH] fuuko: Disable DHCP and DNS server
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is now the main router’s job.
---
 machines/fuuko/configuration.nix | 1 -
 machines/fuuko/hardware-configuration.nix | 23 ++----------
 machines/fuuko/services/dnsmasq.nix | 44 -----------------------
 machines/renge/services/prometheus.nix | 8 -----
 4 files changed, 2 insertions(+), 74 deletions(-)
 delete mode 100644 machines/fuuko/services/dnsmasq.nix
diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix
index db87ac4..7deb6b9 100644
--- a/machines/fuuko/configuration.nix
+++ b/machines/fuuko/configuration.nix
@@ -5,7 +5,6 @@
 ../../modules
 ../../users/simon
- ./services/dnsmasq.nix
 ./services/fritzbox-exporter.nix
 ./services/media-backup.nix
 ./services/media.nix
diff --git a/machines/fuuko/hardware-configuration.nix b/machines/fuuko/hardware-configuration.nix
index 03b2c0f..3ee4d13 100644
--- a/machines/fuuko/hardware-configuration.nix
+++ b/machines/fuuko/hardware-configuration.nix
@@ -11,14 +11,7 @@
 blacklistedKernelModules = [ "acpi_power_meter" ]; # constantly pollutes kernel log
 extraModulePackages = [ ];
 supportedFilesystems = [ "btrfs" ];
- kernelParams =
- let
- mainInterface = config.systemd.network.networks.eno1;
- first = lib.flip lib.elemAt 0;
- in
- [
- "ip=${first mainInterface.address}::${first mainInterface.gateway}::${config.networking.hostName}:${mainInterface.name}"
- ];
+ kernelParams = [ "ip=dhcp" ];
 initrd = {
 availableKernelModules = [
 "aesni_intel" # hardware crypto for luks
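Review bot: `kernelParams = [ "ip=dhcp" ];` in the second hunk of hardware-configuration.nix carries no comment, and the neighbouring `"aesni_intel" # hardware crypto for luks` context suggests (the visible lines do not confirm it) that the initrd network exists for remote disk unlock. With the static `ip=` string gone, the early-boot address, gateway and resolver are whatever the LAN's DHCP server hands out, so reaching the machine before unlock depends on a stable lease on the main router. I would record that on the line, e.g. `# initrd network via DHCP; needs a static lease on the main router to stay reachable before unlock`. The enclosing attribute set starts above the hunk and `initrd` continues below it, so whether `lib` and `config` are still used once the `let` block is gone cannot be checked from here.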
@@ -82,19 +75,7 @@
 powerManagement.cpuFreqGovernor = "performance";
 networking.useDHCP = false;
- systemd.network = {
- enable = true;
- networks = {
- eno1 = {
- name = "eno1";
- dns = [ "192.168.100.1" ];
- domains = [ "home.sbruder.de" ];
- address = [ "192.168.100.61/24" ];
- gateway = [ "192.168.100.1" ];
- };
- };
- };
- services.resolved.enable = false;
+ networking.interfaces.eno1.useDHCP = true;
 systemd.network.wait-online.extraArgs = [ "-i" "eno1" ];
 }
diff --git a/machines/fuuko/services/dnsmasq.nix b/machines/fuuko/services/dnsmasq.nix
deleted file mode 100644
index 173dfb4..0000000
--- a/machines/fuuko/services/dnsmasq.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.dnsmasq = {
- enable = true;
-
- extraConfig = ''
- bogus-priv # do not forward revese lookups of internal addresses
- domain-needed # do not forward names without domain
- local-service # only respond to queries from local network
- no-hosts # do not resolve hosts from /etc/hosts
- no-resolv # only use explicitly configured resolvers
-
- cache-size=10000
-
- server=/fritz.box/192.168.100.1
-
- domain=home.sbruder.de
-
- dhcp-range=192.168.100.20,192.168.100.150,12h
- dhcp-option=option:router,192.168.100.1
- '';
- servers = [
- "9.9.9.9" # dns.quad9.net
- "2620:fe::fe"
- "194.150.168.168" # dns.as250.net
- ];
- };
-
- # Make `local-service` work (requires network interface with all addresses)
- systemd.services.dnsmasq = {
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- };
-
- services.prometheus.exporters.dnsmasq = {
- enable = true;
- listenAddress = config.sbruder.wireguard.home.address;
- leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
- };
-
- networking.firewall.allowedUDPPorts = [ 53 67 ];
- networking.firewall.allowedTCPPorts = [ 53 ];
-}
diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix
index 72faebf..0911b72 100644
--- a/machines/renge/services/prometheus.nix
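Review bot: `systemd.network.wait-online.extraArgs = [ "-i" "eno1" ];` stays as context at the end of the `@@ -82,19 +75,7 @@` hunk, while the same hunk removes the `systemd.network` block whose `enable = true;` turned networkd on. Unless networkd is enabled somewhere not visible here (for instance under `../../modules`), the leftover option appears to have nothing to act on. If networkd is still intended, add `networking.useNetworkd = true;` beside the new `networking.interfaces.eno1.useDHCP = true;`; otherwise drop the wait-online line. The resolver and default gateway, previously pinned to 192.168.100.1, now come from the DHCP reply, which is worth a one-line comment next to the new option.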
+++ b/machines/renge/services/prometheus.nix
@@ -98,14 +98,6 @@ in
 };
 }
 )
- {
- job_name = "dnsmasq";
- static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
- relabel_configs = lib.singleton {
- target_label = "instance";
- replacement = "fuuko.home.sbruder.de";
- };
- }
 {
 job_name = "hcloud";
 static_configs = mkStaticTarget config.services.hcloud_exporter.listenAddress;