simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

wireguard/support: Remove DNS records for peers

Browse source 
For this use case, DNS is not very useful.
This commit is contained in:
Simon Bruder 2023-10-23 19:38:00 +02:00
parent f8fa17c602
commit dc3a17ffe0
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 0 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
modules/wireguard/support.nix
View file

@ -49,33 +49,5 @@ in
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = lib.mkOverride 998 1; "net.ipv4.ip_forward" = lib.mkOverride 998 1;
}; };
services.bind = {
enable = true;
zones = lib.singleton {
name = "support.vpn.sbruder.de";
master = true;
file =
let
# !!! very hacky
hexStringToInt = hex: (builtins.fromTOML "int = 0x${hex}").int;
peerRecords = lib.concatStrings
(lib.mapAttrsToList
(peer: peerConfig: ''
${peer} IN A ${peerConfig.address}
'')
peers);
peerRecordsHash = builtins.hashString "sha256" peerRecords;
serial = hexStringToInt (lib.substring 0 8 peerRecordsHash);
in
pkgs.writeText "support.vpn.sbruder.de.zone" (''
$TTL 3600
@ IN SOA ${serverHostName}.sbruder.de. hostmaster.sbruder.de. ${toString serial} 28800 3600 604800 3600
@ IN NS ${serverHostName}.sbruder.de.
'' + peerRecords);
};
};
}; };
} }