


Eli Ribble f44f8346f4 Get pihole listening on the local IPv4 and IPv6 addresses.
I'm not sure if the defaultNetwork subnet changes are necessary, I was trying
lots of stuff. There are some whitespace changes as well, don't get
distracted by them.

Most critically, --network=bridge and dns_enabled=false avoid
starting the aardvark-dns service that podman runs for internal DNS on
port 53, and they make it so the container gets the IPv6 address for
listening to incoming requests.
2024-08-16 17:49:32 -07:00
Eli Ribble c953a3b798 Add static local IPv6 address.
This gives me something that the router can point to for DNS resolution
for other devices on the network.
2024-08-16 17:48:20 -07:00
Eli Ribble 5848437e3f Disable the stub resolved listener.
I want pihole to bind all available addresses itself, without listing
them, so I need all the port 53s to be free on all addresses. This will
also mean that the server itself will go through pihole.
2024-08-16 17:47:25 -07:00
Eli Ribble 5bed23c073 Add lsof.
Useful tool to check what is using port 53.
2024-08-16 17:47:09 -07:00
Eli Ribble 5e9e93361a Remove the unnecessary network config options.
Turns out my router advertises enough to do the right thing without
this.
2024-08-16 16:35:49 -07:00
Eli Ribble 67cee9d1f3 Quick checkpoint of work on networking.
It cost about 2 hours to figure this out from reading the networkd.nix
definition. It doesn't actually do what I need it to do, however,
because I misunderstood what I need. Still though, I want to save it
since it was so hard-earned.
2024-08-16 16:30:53 -07:00
Eli Ribble 73c9593bfe Switch to systemd.networkd for network config.
Turns out the other method, the default method, is a series of bash
scripts (?). That's according to online documentation. By switching to
using networkd I can get proper declarative network configuration. With
this config I'm getting an IPv6 address from my router that is globally
routable, and another address that is static that I can let the router
configure for users of the local network to reach the pihole for IPv6.
2024-08-15 21:34:13 -07:00
Eli Ribble e2ff975a7c Enable mosh.
Mosh gives me the ability to deal with the fact that my connection over
my own wifi is dropping packets for up to 10 seconds at a time.
2024-08-15 21:31:37 -07:00
1 changed files with 54 additions and 23 deletions


@ -92,6 +92,7 @@
fish
git
htop
lsof
#mongodb
neovim
nginx
@ -119,6 +120,7 @@
# enable = true;
# enableSSHSupport = true;
# };
programs.mosh.enable = true;
# Make neovim the default editor
programs.neovim.enable = true;
@ -133,7 +135,7 @@
enableACME = false;
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:10000;
client_body_buffer_size 128k;
client_body_buffer_size 128k;
client_max_body_size 10G;
#Timeout if the real server is dead
@ -181,15 +183,12 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Enable radvd for advertising IPv6 local addresses
#services.radvd.config = ''
#interface enp2s0 {
#AdvDefaultLifetime 0;
#AdvSendAdvert on;
#prefix fc00::5/48 { };
#};
#'';
#services.radvd.enable = true;
# Disable the resolved stub listener, let Pihole do it
services.resolved = {
extraConfig = ''
DNSStubListener=no
'';
};
# Set up a samba share for the scanner
services.samba = {
@ -232,12 +231,7 @@
];
};
#networking.interfaces = {
#enp2s0.ipv6.addresses = [{
#address = "fc00:0000:000::5";
#prefixLength = 48;
#}];
#};
networking.useNetworkd = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
@ -262,6 +256,31 @@
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp2s0";
networkConfig = {
# start a DHCP Client for IPv4 Addressing/Routing
DHCP = "ipv4";
# accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
IPv6AcceptRA = true;
};
addresses = [{
addressConfig = {
Address="fd00::2/64";
};
} {
addressConfig = {
Address="::/0";
Scope="global";
};
}];
# make routing on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
systemd.services.scan-uploader = {
enable = true;
wantedBy = [ "multi-user.target" ];
@ -286,23 +305,35 @@
autoStart = true;
environment = {
TZ = "America/Phoenix";
DNSMASQ_LISTENING = "all";
DNSMASQ_LISTENING = "all";
};
extraOptions = ["--network=bridge"];
image = "docker.io/pihole/pihole:2024.07.0";
ports = [
"192.168.1.5:53:53/tcp"
"192.168.1.5:53:53/udp"
"192.168.1.5:67:67"
"127.0.0.1:10000:80"
"53:53/tcp"
"53:53/udp"
"67:67"
"127.0.0.1:10000:80"
];
volumes = [
"/etc/pihole/config:/etc/pihole"
"/etc/pihole/dnsmasq.d:/etc/dnsmasq.d"
"/etc/pihole/dnsmasq.d:/etc/dnsmasq.d"
];
};
};
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
virtualisation.podman.defaultNetwork.settings = {
dns_enabled = false;
ipv6_enabled = true;
subnets = [{
gateway = "10.88.0.1";
subnet = "10.88.0.0/16";
}
{
gateway = "fd00::1:8:1";
subnet = "fd00::1:8:0/122";
}];
};
}
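Review bot: Publishing `53:53/tcp`, `53:53/udp` and `67:67` with no host address (the new ports list near the end of the section) binds the Pi-hole resolver on every address the host holds, and per the commit message the `IPv6AcceptRA = true` network now obtains a globally routable SLAAC address, so unless the upstream router blocks inbound port 53 this becomes an open resolver reachable from the internet and usable as a DNS amplification reflector. Podman publishes ports through its own NAT rules, which on most setups are evaluated before the NixOS host firewall's INPUT filtering, so the host firewall (not visible in this section) should not be relied on to close this; confirm with `lsof -i :53` from an external IPv6 host. The stated goal is to serve the static ULA `fd00::2/64` added in the `10-wan` network, so bind that address and the IPv4 LAN address explicitly as below rather than the wildcard; the `Address="::/0"` entry in the same network looks invalid as a host address and is not needed for this. The container definition these ports belong to begins before the hunk.
```nix
ports = [
  "192.168.1.5:53:53/tcp"
  "192.168.1.5:53:53/udp"
  "[fd00::2]:53:53/tcp"
  "[fd00::2]:53:53/udp"
  "192.168.1.5:67:67"
  "127.0.0.1:10000:80"
];
```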