nly/nixos-config - Change YYVLXCNN7ESY2CV5WBOSBXANJDXZW45YUL5DG5RLJQOUHPQRZULAC

great reset;

remove autogen comments
remove non functional bits
remove dnsmasq
use unbound

Created by lylyly on February 13, 2021

YYVLXCNN7ESY2CV5WBOSBXANJDXZW45YUL5DG5RLJQOUHPQRZULAC

Dependencies

[2] N36OZC57VXYPRLQ4MS3QZCXQMRWWXI77CWMIICXEY5TDKDLVVGKAC

In channels

main

Change contents

Replacement in configuration.nix at line 1 [2.1]

B:BD[2.1] → [2.2:142]

# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page

[2.1]

[2.142]

# Help is available in the configuration.nix(5) man page

Deletion in configuration.nix at line 25 [2.1]
B:BD[2.715] → [2.715:773]
```
  boot.blacklistedKernelModules = [ ];       # ask.fedora
```

Deletion in configuration.nix at line 27 [2.1]

B:BD[2.785] → [2.785:913]

    # kernelParams = [ "nomodeset" ];        # the GPU was stuck at boot
    # boot.kernelPackages = pkgs.linuxPackages_latest;

Deletion in configuration.nix at line 35 [2.1]

B:BD[2.1105] → [2.1105:1181]

    # wireless.userControlled.enable = true;
    wireless.extraConfig = "";

Deletion in configuration.nix at line 36 [2.1]
B:BD[2.1283] → [2.1283:1344]
```
    useDHCP = false;        # deprecated; use per-interface
```

Deletion in configuration.nix at line 38 [2.1]

B:BD[2.1420] → [2.1420:1629]

    # Open ports in the firewall.
    # Or disable the firewall altogether.
    # networking.firewall.enable = false;
    # iptables -t nat -A OUTPUT -o lo -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 8118

Insertion in configuration.nix at line 39 [2.1]

[2.1630]

    firewall = {
      enable = true;
      extraCommands = "
iptables -A INPUT -p tcp --dport 9040 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 127.192.0.0/10 -j REDIRECT --to-port 9040
iptables -t nat -A OUTPUT -p tcp -d 127.192.0.0/10 -j REDIRECT --to-port 9040";
      allowedTCPPorts = [ 30000 22 80 8080 ];
      allowedUDPPorts = [ 30000 22 80 8080 ];
    };

Deletion in configuration.nix at line 68 [2.1]

B:BD[2.1994] → [2.1994:2060]

    jagga = {
      isNormalUser = true;
      uid = 1313;
    };

Deletion in configuration.nix at line 89 [2.1]

B:BD[2.2690] → [2.2690:3149]

  };
  services.privoxy = {
    enable = true;
    extraConfig = "
accept-intercepted-requests 1
forward .i2p 127.0.0.1:4444
";
  };
  networking.firewall = {
    enable = true;
    extraCommands = "
iptables -t nat -A OUTPUT -o lo -d 127.192.0.0/10 -p tcp -j REDIRECT --to-ports 9040
ip6tables -t nat -A OUTPUT -o lo -d FE80::/10 -p tcp -j REDIRECT --to-ports 9040
";
    allowedTCPPorts = [ 30000 22 80 8080 ];
    allowedUDPPorts = [ 30000 22 80 8080 ];

Replacement in configuration.nix at line 90 [2.1]

B:BD[2.3154] → [2.3154:3656]

  services.unbound = {
    enable = true;
    extraConfig = "
server:
  interface: 0.0.0.0
  interface: ::0
  Access-control: 127.0.0.0/8 allow
  access-control: 192.168.0.0/24 allow
  access-control: 192.168.1.0/24 allow
domain-insecure: \"onion\"
private-domain: \"onion\"
do-not-query-localhost: no
local-zone: \"onion.\" nodefault
forward-zone:
  name: \".\"
  forward-addr: 208.67.222.222
  forward-addr: 208.67.220.220
forward-zone:
  name: \"onion\"
  forward-addr: 127.0.0.1@5300
";
  };

[2.3154]

[2.3656]

Deletion in configuration.nix at line 92 [2.1]

B:BD[2.3671] → [2.3671:3803]

    dnsmasq = {
      enable = false;
      extraConfig = "
local-service
server=192.168.1.1
server=/onion/127.0.0.1@5300
";
    };

Replacement in configuration.nix at line 104 [2.1]
B:BD[2.4201] → [2.4201:4222]
```
DNSPort 0.0.0.0:5300
```
[2.4201]
[2.4222]
```
DNSPort 5353
```

Insertion in configuration.nix at line 116 [2.1]

[2.4431]

    unbound = {
      enable = true;
      extraConfig = "
domain-insecure: \"onion\"
private-domain: \"onion\"
do-not-query-localhost: no
local-zone: \"onion.\" nodefault
forward-zone:
  name: \"onion\"
  forward-addr: 127.0.0.1@5353
  forward-first: no
";
    };

Deletion in configuration.nix at line 133 [2.1]

B:BD[2.4437] → [2.4437:4953]

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  # programs.gnupg.agent = {
  #   enable = true;
  #   enableSSHSupport = true;
  # };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.