bgpwtf: add rsh tests, fix startup sequencing

Change-Id: Idba53905d3965db6f805221da3e48548d7a01811
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1340
Reviewed-by: implr <implr@hackerspace.pl>
diff --git a/bgpwtf/machines/edge01.waw.bgp.wtf.nix b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
index ff58ea3..71421db 100644
--- a/bgpwtf/machines/edge01.waw.bgp.wtf.nix
+++ b/bgpwtf/machines/edge01.waw.bgp.wtf.nix
@@ -30,39 +30,31 @@
   # TODO(q3k): make this generic, move to modules/router.nix.
   services.unbound = {
     enable = true;
-    interfaces = [
-      "185.236.240.1"
-      "2a0d:eb00:2137::1"
-      "127.0.0.1"
-    ];
-    allowedAccess = [
-      "185.236.240.0/22"
-      "2a0d:eb00::0/29"
-      "127.0.0.0/8"
-    ];
-    extraConfig = ''
-      outgoing-interface: 185.236.240.1
-      outgoing-interface: 2a0d:eb00:2137::1
-      cache-max-negative-ttl: 30
-
-      # Disable DoH in Firefox
-      local-zone: "use-application-dns.net" static
-
-      # Rejestr Stron Hazardowych.
-      # Populated by the rsh-unbound daemon.
-      include: "/var/lib/unbound/rsh.conf"
-
-      remote-control:
-         control-enable: yes
-         control-interface: /var/run/unbound.ctl
-    '';
+    settings = {
+      server = {
+        interface = [
+          "185.236.240.1"
+          "2a0d:eb00:2137::1"
+          "127.0.0.1"
+        ];
+        access-control = [
+          "185.236.240.0/22 allow"
+          "2a0d:eb00::0/29 allow"
+          "127.0.0.0/8 allow"
+        ];
+        outgoing-interface = [
+          "185.236.240.1"
+          "2a0d:eb00:2137::1"
+        ];
+        cache-max-negative-ttl = [ "30" ];
+        local-zone = [
+          # Disable DoH in Firefox
+          "\"use-application-dns.net\" static"
+        ];
+      };
+    };
   };
-  # Fix `systemctl reload unbound`.
-  systemd.services.unbound.reload = "${pkgs.unbound}/bin/unbound-control -c /var/lib/unbound/unbound.conf reload";
-  hscloud.rsh = {
-    enable = true;
-    out = "/var/lib/unbound/rsh.conf";
-  };
+  hscloud.rsh.enable = true;
 
   networking.wireguard.interfaces = {
     wg-fmt = {
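Review bot: The new `settings.server` block and the one-line `hscloud.rsh.enable = true;` no longer show the `include` of the Rejestr Stron Hazardowych blocklist, the `remote-control` unix socket, or the `unbound-control` reload override that the old `extraConfig` carried, so from this file alone a reader cannot tell whether the blocklist is still loaded and reloaded. Presumably the rsh module now owns all three (it is not visible in this hunk); if so, a comment above the enable line would keep that documented, e.g. `# Rejestr Stron Hazardowych blocklist; the rsh module adds the unbound include and control socket.` It is also worth confirming that the control interface stays a local socket rather than an IP listener, since remote-control gives full control of the resolver. The surrounding attribute set continues outside the hunk.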