sj-vps-htz0,containers/dns: remove IPv6, opportunistic TLS

2023-11-25 09:19:31 +01:00 · 2023-11-25 09:19:31 +01:00 · f5882396e3
commit f5882396e3
parent d86fdd61c9
3 changed files with 26 additions and 24 deletions
--- a/nix/os/devices/sj-vps-htz0/system.nix
+++ b/nix/os/devices/sj-vps-htz0/system.nix
@ -8,6 +8,10 @@
 }: let
  wireguardPort = 51820;
 in {
+  imports = [
+    ../../snippets/systemd-resolved.nix
+  ];
+
  networking.firewall.enable = true;
  networking.nftables.enable = true;

@ -47,18 +51,6 @@ in {
    interface = "eth0";
  };

-  networking.nameservers = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
-
-  services.resolved = {
-    enable = true;
-    dnssec = "true";
-    domains = ["~."];
-    fallbackDns = ["1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one"];
-    extraConfig = ''
-      DNSOverTLS=yes
-    '';
-  };
-
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-*" "wg*"];