Fix unbound; remove Nixos firewall (use only diplonat)

This commit is contained in:
Alex 2023-04-21 11:29:15 +02:00
parent 529480b133
commit a9e9149739
10 changed files with 3 additions and 17 deletions

View file

@ -6,7 +6,7 @@
# The IP range to use for the Wireguard overlay of this cluster
deuxfleurs.clusterPrefix = "10.83.0.0/16";
deuxfleurs.cluster_nodes = {
deuxfleurs.clusterNodes = {
"concombre" = {
siteName = "neptune";
publicKey = "VvXT0fPDfWsHxumZqVShpS33dJQAdpJ1E79ZbCBJP34=";

View file

@ -4,6 +4,4 @@
deuxfleurs.siteName = "bespin";
deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
deuxfleurs.cnameTarget = "bespin.site.deuxfleurs.fr.";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -5,6 +5,4 @@
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
deuxfleurs.cnameTarget = "neptune.site.deuxfleurs.fr.";
deuxfleurs.publicIPv4 = "77.207.15.215";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -10,6 +10,4 @@
deuxfleurs.staticIPv6.defaultGateway = "2a01:e0a:28f:5e60::1";
deuxfleurs.cnameTarget = "orion.site.deuxfleurs.fr.";
deuxfleurs.publicIPv4 = "82.66.80.201";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -5,6 +5,4 @@
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.254";
deuxfleurs.cnameTarget = "scorpio.site.deuxfleurs.fr.";
deuxfleurs.publicIPv4 = "82.65.41.110";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -4,6 +4,4 @@
deuxfleurs.siteName = "bespin";
deuxfleurs.staticIPv4.defaultGateway = "192.168.5.254";
deuxfleurs.cnameTarget = "bespin.site.staging.deuxfleurs.org.";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -5,6 +5,4 @@
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
deuxfleurs.cnameTarget = "corrin.site.staging.deuxfleurs.org.";
deuxfleurs.publicIPv4 = "2.13.96.213";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -4,6 +4,4 @@
deuxfleurs.siteName = "jupiter";
deuxfleurs.staticIPv4.defaultGateway = "192.168.1.1";
deuxfleurs.cnameTarget = "jupiter.site.staging.deuxfleurs.org.";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -3,6 +3,4 @@
{
deuxfleurs.siteName = "neptune";
deuxfleurs.cnameTarget = "neptune.site.staging.deuxfleurs.org.";
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

View file

@ -213,6 +213,8 @@ in
access-control = [
"127.0.0.0/8 allow"
"172.17.0.0/16 allow"
"192.168.0.0/16 allow"
"${cfg.clusterPrefix} allow"
];
};
stub-zone = [