Update formatting

Use dns over TLS & enable DNSSEC
2025-04-26 17:28:34 +02:00 · 2025-04-26 17:28:26 +02:00
2 changed files with 32 additions and 27 deletions
--- a/host_vars/fudiggity/network.yml
+++ b/host_vars/fudiggity/network.yml
@ -1,81 +1,81 @@
-network_interface: 'link1'
-network_mac: '00:1b:21:3b:50:e2'
+network_interface: link1
+network_mac: 00:1b:21:3b:50:e2

-lan_ip: '192.168.2.1'
-lan_gateway: '192.168.2.254'
-lan_dns: '192.168.2.254'
+lan_ip: 192.168.2.1
+lan_gateway: 192.168.2.254
+lan_dns: 9.9.9.9 149.112.112.112
 lan_prefix: 24
-domain_name: 'fudiggity.nl'
+domain_name: fudiggity.nl

 http_port: 80
 https_port: 443
 ssh_port: 39901

-vpn_listen_address: '10.0.0.1'
+vpn_listen_address: 10.0.0.1
 vpn_prefix: 24
 vpn_subnet: '10.0.0.0/{{ vpn_prefix }}'
 vpn_port: 51902
-vpn_interface: 'wg0'
+vpn_interface: wg0
 vpn_domain: 'vpn.{{ domain_name }}'

-vpn_media_listen_address: '10.0.1.1'
+vpn_media_listen_address: 10.0.1.1
 vpn_media_prefix: 24
 vpn_media_subnet: '10.0.1.0/{{ vpn_media_prefix }}'
 vpn_media_port: 51903
-vpn_media_interface: 'wg1'
+vpn_media_interface: wg1
 vpn_media_domain: 'media-vpn.{{ domain_name }}'

 mpd_domain: 'mpd.{{ domain_name }}'
-mpd_listen_address: '0.0.0.0'
+mpd_listen_address: 0.0.0.0
 mpd_prefix: 24
 mpd_subnet: '172.128.238.0/{{ mpd_prefix }}'
 mpd_port: 21000
 mpd_http_stream_port: 8000
 mpd_http_mobile_stream_port: 8001
-mpd_app_ip: '172.128.238.10'
+mpd_app_ip: 172.128.238.10

-forgejo_ip: '127.0.0.1'
+forgejo_ip: 127.0.0.1
 forgejo_port: 3000
 forgejo_ssh_port: 22
-forgejo_domain: 'forgejo.fudiggity.nl'
+forgejo_domain: forgejo.fudiggity.nl

-woodpecker_ip: '127.0.0.1'
+woodpecker_ip: 127.0.0.1
 woodpecker_port: 7000
-woodpecker_domain: 'woodpecker.fudiggity.nl'
+woodpecker_domain: woodpecker.fudiggity.nl

-newsreader_ip: '127.0.0.1'
+newsreader_ip: 127.0.0.1
 newsreader_port: 5000
-newsreader_domain: 'rss.fudiggity.nl'
+newsreader_domain: rss.fudiggity.nl

-glitchtip_ip: '127.0.0.1'
+glitchtip_ip: 127.0.0.1
 glitchtip_port: 7200
-glitchtip_domain: 'glitchtip.fudiggity.nl'
+glitchtip_domain: glitchtip.fudiggity.nl

 syncthing_domain: 'syncthing.{{ domain_name }}'
-syncthing_listen_address: '0.0.0.0'
+syncthing_listen_address: 0.0.0.0
 syncthing_prefix: 24
 syncthing_subnet: '172.32.238.0/{{ syncthing_prefix }}'
 syncthing_gui_port: 8384
 syncthing_protocol_port: 22000
-syncthing_nginx_ip: '172.32.238.10'
-syncthing_app_ip: '172.32.238.11'
+syncthing_nginx_ip: 172.32.238.10
+syncthing_app_ip: 172.32.238.11

 radicale_domain: 'radicale.{{ domain_name }}'
 radicale_prefix: 24
 radicale_subnet: '172.64.238.0/{{ radicale_prefix }}'
-radicale_nginx_ip: '172.64.238.10'
+radicale_nginx_ip: 172.64.238.10
 radicale_app_port: 5232
-radicale_app_ip: '172.64.238.11'
+radicale_app_ip: 172.64.238.11

 transmission_domain: 'transmission.{{ domain_name }}'
 transmission_prefix: 24
 transmission_subnet: '172.16.238.0/{{ transmission_prefix }}'
 transmission_web_port: 9091
 transmission_peer_port: 51413
-transmission_nginx_ip: '172.16.238.10'
+transmission_nginx_ip: 172.16.238.10

 jellyfin_domain: 'jellyfin.{{ domain_name }}'
 jellyfin_prefix: 24
 jellyfin_subnet: '172.8.238.0/{{ jellyfin_prefix }}'
 jellyfin_web_port: 8096
-jellyfin_nginx_ip: '172.8.238.10'
+jellyfin_nginx_ip: 172.8.238.10
--- a/templates/network/link1.network.j2
+++ b/templates/network/link1.network.j2
@ -6,5 +6,10 @@ Name={{ network_interface }}
 [Network]
 Address={{ lan_ip }}/{{ lan_prefix }}
 Gateway={{ lan_gateway }}
+
 DNS={{ lan_dns }}
+DNSOverTLS=yes
+DNSSEC=yes
+
+RequiredForOnline=routable
 IgnoreCarrierLoss=yes
Author	SHA1	Message	Date
Sonny Bakker	3d89ca8b9f	Update formatting	2025-04-26 17:28:34 +02:00
Sonny Bakker	8047fb2c82	Use dns over TLS & enable DNSSEC	2025-04-26 17:28:26 +02:00