From 8047fb2c82969c34a4832ebe5330700636375517 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 26 Apr 2025 17:28:26 +0200
Subject: [PATCH 1/2] Use dns over TLS & enable DNSSEC

---
 host_vars/fudiggity/network.yml | 2 +-
 templates/network/link1.network.j2 | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/host_vars/fudiggity/network.yml b/host_vars/fudiggity/network.yml
index 9653d27..6ac2512 100644
--- a/host_vars/fudiggity/network.yml
+++ b/host_vars/fudiggity/network.yml
@@ -3,7 +3,7 @@ network_mac: '00:1b:21:3b:50:e2'
 
 lan_ip: '192.168.2.1'
 lan_gateway: '192.168.2.254'
-lan_dns: '192.168.2.254'
+lan_dns: 9.9.9.9 149.112.112.112
 lan_prefix: 24
 
 domain_name: 'fudiggity.nl'
diff --git a/templates/network/link1.network.j2 b/templates/network/link1.network.j2
index b7c3a53..fbd0b17 100644
--- a/templates/network/link1.network.j2
+++ b/templates/network/link1.network.j2
@@ -6,5 +6,10 @@ Name={{ network_interface }}
 [Network]
 Address={{ lan_ip }}/{{ lan_prefix }}
 Gateway={{ lan_gateway }}
+
 DNS={{ lan_dns }}
+DNSOverTLS=yes
+DNSSEC=yes
+
+RequiredForOnline=routable
 IgnoreCarrierLoss=yes

From 3d89ca8b9f733e10549db79ac0eadacd630e3a91 Mon Sep 17 00:00:00 2001
From: Sonny Bakker
Date: Sat, 26 Apr 2025 17:28:34 +0200
Subject: [PATCH 2/2] Update formatting

---
 host_vars/fudiggity/network.yml | 52 ++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/host_vars/fudiggity/network.yml b/host_vars/fudiggity/network.yml
index 6ac2512..5aa1902 100644
--- a/host_vars/fudiggity/network.yml
+++ b/host_vars/fudiggity/network.yml
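Review bot: In patch 1/2, host_vars/fudiggity/network.yml, the new `lan_dns` value lists the resolvers as bare IP addresses, so with `DNSOverTLS=yes` systemd-resolved has no server name to send as SNI and can only match the server certificate against the IP address. systemd's `DNS=` setting accepts an `address#server_name` form, so I would write `lan_dns: '9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net'`, quoted so the `#` can never be taken for a comment start. A comment above the line saying that this host now bypasses the LAN resolver at 192.168.2.254 would also help, because any name that only that resolver answers will stop resolving here.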
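Review bot: In patch 1/2, templates/network/link1.network.j2, `RequiredForOnline=routable` is added under `[Network]`, but systemd.network defines that key in the `[Link]` section, so networkd will report it as an unknown key and ignore it. Move it into a `[Link]` section; the template above `[Network]` is outside this hunk, so check whether one already exists there before adding a new header. `DNSOverTLS=yes` and `DNSSEC=yes` are both strict modes, and I would add a comment above them such as `# strict: lookups fail if the resolver is unreachable over TLS or DNSSEC validation fails`, so that a later outage on this link is traced to the right setting.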
@@ -1,81 +1,81 @@ -network_interface: 'link1' -network_mac: '00:1b:21:3b:50:e2' +network_interface: link1 +network_mac: 00:1b:21:3b:50:e2 -lan_ip: '192.168.2.1' -lan_gateway: '192.168.2.254' +lan_ip: 192.168.2.1 +lan_gateway: 192.168.2.254 lan_dns: 9.9.9.9 149.112.112.112 lan_prefix: 24 -domain_name: 'fudiggity.nl' +domain_name: fudiggity.nl http_port: 80 https_port: 443 ssh_port: 39901 -vpn_listen_address: '10.0.0.1' +vpn_listen_address: 10.0.0.1 vpn_prefix: 24 vpn_subnet: '10.0.0.0/{{ vpn_prefix }}' vpn_port: 51902 -vpn_interface: 'wg0' +vpn_interface: wg0 vpn_domain: 'vpn.{{ domain_name }}' -vpn_media_listen_address: '10.0.1.1' +vpn_media_listen_address: 10.0.1.1 vpn_media_prefix: 24 vpn_media_subnet: '10.0.1.0/{{ vpn_media_prefix }}' vpn_media_port: 51903 -vpn_media_interface: 'wg1' +vpn_media_interface: wg1 vpn_media_domain: 'media-vpn.{{ domain_name }}' mpd_domain: 'mpd.{{ domain_name }}' -mpd_listen_address: '0.0.0.0' +mpd_listen_address: 0.0.0.0 mpd_prefix: 24 mpd_subnet: '172.128.238.0/{{ mpd_prefix }}' mpd_port: 21000 mpd_http_stream_port: 8000 mpd_http_mobile_stream_port: 8001 -mpd_app_ip: '172.128.238.10' +mpd_app_ip: 172.128.238.10 -forgejo_ip: '127.0.0.1' +forgejo_ip: 127.0.0.1 forgejo_port: 3000 forgejo_ssh_port: 22 -forgejo_domain: 'forgejo.fudiggity.nl' +forgejo_domain: forgejo.fudiggity.nl -woodpecker_ip: '127.0.0.1' +woodpecker_ip: 127.0.0.1 woodpecker_port: 7000 -woodpecker_domain: 'woodpecker.fudiggity.nl' +woodpecker_domain: woodpecker.fudiggity.nl -newsreader_ip: '127.0.0.1' +newsreader_ip: 127.0.0.1 newsreader_port: 5000 -newsreader_domain: 'rss.fudiggity.nl' +newsreader_domain: rss.fudiggity.nl -glitchtip_ip: '127.0.0.1' +glitchtip_ip: 127.0.0.1 glitchtip_port: 7200 -glitchtip_domain: 'glitchtip.fudiggity.nl' +glitchtip_domain: glitchtip.fudiggity.nl syncthing_domain: 'syncthing.{{ domain_name }}' -syncthing_listen_address: '0.0.0.0' +syncthing_listen_address: 0.0.0.0 syncthing_prefix: 24 syncthing_subnet: '172.32.238.0/{{ syncthing_prefix 
}}' syncthing_gui_port: 8384 syncthing_protocol_port: 22000 -syncthing_nginx_ip: '172.32.238.10' -syncthing_app_ip: '172.32.238.11' +syncthing_nginx_ip: 172.32.238.10 +syncthing_app_ip: 172.32.238.11 radicale_domain: 'radicale.{{ domain_name }}' radicale_prefix: 24 radicale_subnet: '172.64.238.0/{{ radicale_prefix }}' -radicale_nginx_ip: '172.64.238.10' +radicale_nginx_ip: 172.64.238.10 radicale_app_port: 5232 -radicale_app_ip: '172.64.238.11' +radicale_app_ip: 172.64.238.11 transmission_domain: 'transmission.{{ domain_name }}' transmission_prefix: 24 transmission_subnet: '172.16.238.0/{{ transmission_prefix }}' transmission_web_port: 9091 transmission_peer_port: 51413 -transmission_nginx_ip: '172.16.238.10' +transmission_nginx_ip: 172.16.238.10 jellyfin_domain: 'jellyfin.{{ domain_name }}' jellyfin_prefix: 24 jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}' jellyfin_web_port: 8096 -jellyfin_nginx_ip: '172.8.238.10' +jellyfin_nginx_ip: 172.8.238.10
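Review bot: In patch 2/2, dropping the quotes from `network_mac: 00:1b:21:3b:50:e2` leaves a colon-separated value to YAML's implicit typing. It stays a string here only because the octets contain hex letters; a MAC whose octets all look decimal would be read as a base-60 integer by a YAML 1.1 loader, which is what Ansible uses as far as I know. I would keep that one value quoted, `network_mac: '00:1b:21:3b:50:e2'`, so the file is safe to copy as a pattern for other hosts. The dotted IPv4 addresses and domain names parse as strings either way, so unquoting them does not change what the playbooks see.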