fix: router router

Signed-off-by: Anthony Rabbito <[email protected]>
anthr76 · Jul 15, 2024 · fd5abc4 · fd5abc4
1 parent e579cb1
commit fd5abc4
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 23 deletions.
diff --git a/nixos/hosts/fw1-nwk2/default.nix b/nixos/hosts/fw1-nwk2/default.nix
@@ -160,7 +160,7 @@ in
       };
     '';
     zones = {
-      "nwk3.rabbito.tech." = {
+      "nwk2.rabbito.tech." = {
         master = true;
             file = pkgs.writeText "nwk2.rabbito.tech" (lib.strings.concatStrings [
               ''

diff --git a/nixos/personalities/server/router/dns.nix b/nixos/personalities/server/router/dns.nix
@@ -1,31 +1,33 @@
 { config, outputs, pkgs, lib, ... }:
 {
-  systemd.timers.dnscrypt-proxy2-blocklists = {
-    description = "Fetch and update blocklist file daily";
-    wantedBy = [ "timers.target" "dnscrypt-proxy2.service"];
-    timerConfig = {
-      OnCalendar = "daily";
-      Persistent = true;
-    };
-  };
-  systemd.services.dnscrypt-proxy2-blocklists = {
-    path = [
-      pkgs.curl
-    ];
-    script = ''
-      set -x
-      curl -o /var/lib/dnscrypt-proxy/blocklist.txt https://big.oisd.nl/domainswild
-    '';
-    serviceConfig.Type = "oneshot";
-    serviceConfig.Restart = "on-failure";
-  };
+  # TODO Set up blocklist
+  # Ensure resolution without DNS.
+  # systemd.timers.dnscrypt-proxy2-blocklists = {
+  #   description = "Fetch and update blocklist file daily";
+  #   wantedBy = [ "timers.target" "dnscrypt-proxy2.service"];
+  #   timerConfig = {
+  #     OnCalendar = "daily";
+  #     Persistent = true;
+  #   };
+  # };
+  # systemd.services.dnscrypt-proxy2-blocklists = {
+  #   path = [
+  #     pkgs.curl
+  #   ];
+  #   script = ''
+  #     set -x
+  #     curl -o /var/lib/dnscrypt-proxy/blocklist.txt https://big.oisd.nl/domainswild
+  #   '';
+  #   serviceConfig.Type = "oneshot";
+  #   serviceConfig.Restart = "on-failure";
+  # };
   services.dnscrypt-proxy2 = {
     enable = true;
     settings = {
       listen_addresses = [ "127.0.0.1:53" ];
-      blocked_names = {
-        blocked_names_file = "/var/lib/dnscrypt-proxy/blocklist.txt";
-      };
+      # blocked_names = {
+      #   blocked_names_file = "/var/lib/dnscrypt-proxy/blocklist.txt";
+      # };
       allowed_names = {
         allowed_names_file = pkgs.writeText "allow_list.txt" (lib.strings.concatStrings [
           ''