talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Build the cilium manifest automatically in nix.

Browse Source
This commit is contained in:
Tom Alexander
2025-12-29 19:11:55 -05:00
parent b504dc4d66
commit 58a2061c08
12 changed files with 83 additions and 1746 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nix/kubernetes/roles/network/default.nix
View File

@@ -30,16 +30,21 @@
config = lib.mkIf config.me.network.enable {
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
# Nameservers configured in host-specific files.
# networking.nameservers = [
# "194.242.2.2#doh.mullvad.net"
# "2a07:e340::2#doh.mullvad.net"
# ];
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
"10.215.1.1"
"2620:11f:7001:7:ffff:ffff:0ad7:0101"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
# dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.