From c1dc0fef0146f60775a9527eaac7a36fd74ac608 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
 <nicolas.jeannerod@moduscreate.com>
Date: Tue, 1 Jul 2025 13:09:06 +0200
Subject: [PATCH] Split nameservers between IPv4 and IPv6 (#420)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reviewed-on: https://git.fediversity.eu/Fediversity/Fediversity/pulls/420
Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
Co-committed-by: Nicolas “Niols” Jeannerod <nicolas.jeannerod@moduscreate.com>
---
 infra/common/nixos/networking.nix | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/infra/common/nixos/networking.nix b/infra/common/nixos/networking.nix
index 3ce6d0bd..0a703e9c 100644
--- a/infra/common/nixos/networking.nix
+++ b/infra/common/nixos/networking.nix
@@ -21,13 +21,8 @@ in
         ## REVIEW: Do we actually need that, considering that we have static IPs?
         useDHCP = mkDefault true;
 
-        nameservers = [
-          "95.215.185.6"
-          "95.215.185.7"
-          "2a00:51c0::5fd7:b906"
-          "2a00:51c0::5fd7:b907"
-        ];
-
+        ## Disable the default firewall and use nftables instead, with a custom
+        ## Procolix-made ruleset.
         firewall.enable = false;
         nftables = {
           enable = true;
@@ -44,6 +39,10 @@ in
           address = config.fediversityVm.ipv4.gateway;
           interface = config.fediversityVm.ipv4.interface;
         };
+        nameservers = [
+          "95.215.185.6"
+          "95.215.185.7"
+        ];
       })
 
       ## IPv6
@@ -55,6 +54,10 @@ in
           address = config.fediversityVm.ipv6.gateway;
           interface = config.fediversityVm.ipv6.interface;
         };
+        nameservers = [
+          "2a00:51c0::5fd7:b906"
+          "2a00:51c0::5fd7:b907"
+        ];
       })
     ];
   };