From 3505aa3776fefadba01a4131ce0a83226b785716 Mon Sep 17 00:00:00 2001
From: Mathieu Strypsteen
Date: Sat, 19 Oct 2024 09:12:15 +0200
Subject: [PATCH] Add DoH setup to vyos
---
 container-config/nginx-home/code | 1 -
 infra/etc/containers/systemd/forgejo.container | 2 +-
 setup-qubes-fedora.sh | 2 +-
 setup-vyos.sh | 8 +++++---
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/container-config/nginx-home/code b/container-config/nginx-home/code
index 3eb29c2..7f0bfda 100644
--- a/container-config/nginx-home/code
+++ b/container-config/nginx-home/code
@@ -4,7 +4,6 @@ server {
 listen 443 ssl;
 listen [::]:443 ssl;
 include snippets/headers.conf;
- include snippets/local-only.conf;
 location / {
 set $upstream sandbox.server.home.arpa;
 proxy_pass http://$upstream:8080;
diff --git a/infra/etc/containers/systemd/forgejo.container b/infra/etc/containers/systemd/forgejo.container
index 55870f0..b197bed 100644
--- a/infra/etc/containers/systemd/forgejo.container
+++ b/infra/etc/containers/systemd/forgejo.container
@@ -1,5 +1,5 @@
 [Container]
-Image=codeberg.org/forgejo/forgejo:8-rootless
+Image=codeberg.org/forgejo/forgejo:9-rootless
 Network=nginx.network
 Volume=/var/lib/system-config/container-config/forgejo:/etc/gitea:z,ro
 Volume=forgejo.volume:/var/lib/gitea:U,Z
diff --git a/setup-qubes-fedora.sh b/setup-qubes-fedora.sh
index a497967..5054d22 100644
--- a/setup-qubes-fedora.sh
+++ b/setup-qubes-fedora.sh
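Review bot: After this change the server block in container-config/nginx-home/code has no client restriction left in view: with `include snippets/local-only.conf;` gone (judging by its name, the snippet limited access to local clients), whatever `sandbox.server.home.arpa:8080` serves is proxied to any client that can reach this listener on 443. The commit subject only mentions DoH, so it is unclear from here whether the wider exposure is intended. If it is, a comment in the block such as `# reachable from outside the LAN on purpose; authentication is enforced by <mechanism>` would record the decision. The block continues past the hunk, so an `auth_request` or similar control further down cannot be ruled out.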
@@ -2,7 +2,7 @@
 set -euo pipefail
 cp -R desktop/* qubes-fedora/* /
 dnf config-manager --set-enabled qubes-vm-r4.2-security-testing qubes-vm-r4.2-current-testing
-dnf install --allowerasing bash-color-prompt bash-completion borgbackup bind-utils butane default-fonts fcitx5-anthy fcitx5-autostart fedora-flathub-remote file-roller fuse-sshfs gcc gcc-gdb-plugin glibc-all-langpacks helm htop kubernetes-client nautilus netcat nodejs-npm pipx qubes-ctap ShellCheck toolbox wireguard-tools whois xdg-desktop-portal-gtk yt-dlp
+dnf install --allowerasing bash-color-prompt bash-completion borgbackup bind-utils butane default-fonts fcitx5-anthy fcitx5-autostart fedora-flathub-remote ffmpeg-free file-roller fuse-sshfs gcc gcc-gdb-plugin glibc-all-langpacks helm htop kubernetes-client nautilus netcat nodejs-npm pipx qubes-ctap ShellCheck toolbox wireguard-tools whois xdg-desktop-portal-gtk yt-dlp
 dnf remove cheese evolution-data-server firefox gnome-software gnome-weather PackageKit-command-not-found rpmfusion-nonfree-release thunderbird totem
 sh setup-desktop.sh
 all_proxy=127.0.0.1:8082 flatpak remote-add --if-not-exists flathub /usr/lib/fedora-third-party/conf.d/fedora-flathub.flatpakrepo
diff --git a/setup-vyos.sh b/setup-vyos.sh
index b3173d7..f60c238 100644
--- a/setup-vyos.sh
+++ b/setup-vyos.sh
@@ -56,10 +56,12 @@ set service dhcp-server shared-network-name server subnet 192.168.253.0/24 lease
 set service router-advert interface eth1 prefix ::/64
 set service router-advert interface eth2 prefix ::/64
 set service router-advert interface eth3 prefix ::/64
-set service dns forwarding listen-address 0.0.0.0
-set service dns forwarding name-server 9.9.9.9
+set service dns forwarding listen-address 192.168.252.1
+set service dns forwarding listen-address 192.168.253.1
+set service dns forwarding listen-address 192.168.254.1
+set service dns forwarding listen-address 192.168.255.1
+set service dns forwarding name-server 127.0.0.1
 set service dns forwarding dnssec validate
-set service dns forwarding allow-from 127.0.0.1/32
 set service dns forwarding allow-from 192.168.0.0/16
 set service tftp-server directory /config/tftp
 set service tftp-server listen-address 192.168.253.1
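Review bot: The forwarder's only upstream is now `127.0.0.1`, but nothing in this hunk, and per the diffstat no other file in the commit, configures whatever answers on loopback, so the dependency at the `name-server 127.0.0.1` line is undocumented. If that resolver (presumably a local DoH proxy) is down or not yet started, every client on the four listen addresses loses resolution. `dnssec validate` also only works if the proxy passes DNSSEC records through unchanged, so both are worth confirming after applying. I would add a comment above the line such as `# 127.0.0.1 is the local DoH proxy; it must be listening before this forwarder starts`. Separately, the unchanged `allow-from 192.168.0.0/16` is wider than the four addresses now served; if those networks are all /24s (only 192.168.253.0/24 is visible here), `set service dns forwarding allow-from 192.168.252.0/22` would match them exactly.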