Alex
a0db30ca26
- get rid of outside nameserver, unbound does the recursive resolving itself (and it checks DNSSEC) - remove CAP_NET_BIND_SERVICE for Consul as it is no longer binding on port 53 (was already obsolete) - make unbound config independant of LAN IPv4 address
17 lines
554 B
Nix
17 lines
554 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
deuxfleurs.site_name = "neptune";
|
|
deuxfleurs.lan_default_gateway = "192.168.1.1";
|
|
deuxfleurs.ipv6_default_gateway = "2001:910:1204:1::1";
|
|
deuxfleurs.lan_ip_prefix_length = 24;
|
|
deuxfleurs.ipv6_prefix_length = 64;
|
|
deuxfleurs.cname_target = "neptune.site.staging.deuxfleurs.org.";
|
|
|
|
# no public ipv4 is used for the staging cluster on Neptune,
|
|
# because the Internet connection is already used for the prod cluster
|
|
# deuxfleurs.public_ipv4 = "77.207.15.215";
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
}
|