Build the cilium manifest automatically in nix.

2025-12-29 19:11:55 -05:00
parent 332bab09e3
commit be85d828b9
12 changed files with 83 additions and 1746 deletions
--- a/nix/kubernetes/roles/network/default.nix
+++ b/nix/kubernetes/roles/network/default.nix
@@ -30,16 +30,21 @@
  config = lib.mkIf config.me.network.enable {
    networking.dhcpcd.enable = lib.mkDefault false;
    networking.useDHCP = lib.mkDefault false;
+    # Nameservers configured in host-specific files.
+    # networking.nameservers = [
+    #   "194.242.2.2#doh.mullvad.net"
+    #   "2a07:e340::2#doh.mullvad.net"
+    # ];
    networking.nameservers = [
-      "194.242.2.2#doh.mullvad.net"
-      "2a07:e340::2#doh.mullvad.net"
+      "10.215.1.1"
+      "2620:11f:7001:7:ffff:ffff:0ad7:0101"
    ];
    services.resolved = {
      enable = true;
      # dnssec = "true";
      domains = [ "~." ];
      fallbackDns = [ ];
-      dnsovertls = "true";
+      # dnsovertls = "true";
    };

    # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.