dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/britway: Use internal addresses for DNS

Browse Source
This commit is contained in:
Jack O'Sullivan
2023-12-23 00:49:02 +00:00
parent 0a86a649a6
commit f58b71e8d3
5 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/boxes/britway/tailscale.nix
View File

@@ -49,15 +49,19 @@ in
noise.private_key_path = "/var/lib/headscale/noise_private.key";
ip_prefixes = with lib.my.c.tailscale.prefix; [ v4 v6 ];
dns_config = {
# Use IPs that will route inside the VPN to prevent interception
# (e.g. DNS rebinding filtering)
restricted_nameservers = {
"${domain}" = pubNameservers;
"${lib.my.c.colony.domain}" = with allAssignments.estuary.internal; [
"${lib.my.c.colony.domain}" = with allAssignments.estuary.base; [
ipv4.address ipv6.address
];
"${lib.my.c.home.domain}" = lib.my.c.home.routersPubV4 ++ ([
allAssignments.river.as211024.ipv6.address
allAssignments.stream.as211024.ipv6.address
]);
"${lib.my.c.home.domain}" = with allAssignments; [
river.hi.ipv4.address
river.hi.ipv6.address
stream.hi.ipv4.address
stream.hi.ipv6.address
];
};
magic_dns = true;
base_domain = "ts.${pubDomain}";