From 7a5f89cf908717e8c5b7082a04786fcaef503766 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Fri, 11 Jul 2025 01:52:40 +0200
Subject: [PATCH] System: Don't use local DNS server for servenix and thinknix (they should be reliable)
---
 system/nixinator/default.nix | 4 ++--
 system/servenix/default.nix | 2 +-
 system/thinknix/default.nix | 20 ++++++++++++++------
 3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix
index 2898b6a1..a0259da5 100644
--- a/system/nixinator/default.nix
+++ b/system/nixinator/default.nix
@@ -42,7 +42,7 @@
 interface = "enp8s0";
 ip = "192.168.86.50/24";
 router = "192.168.86.5";
- nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8
+ nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8 (create imperatively then use nm2nix)
 autoconnect = true;
 };
 "10-ether-1G" = mylib.networking.mkStaticNetworkManagerProfile {
@@ -50,7 +50,7 @@
 interface = "enp5s0";
 ip = "192.168.86.50/24";
 router = "192.168.86.5";
- nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8
+ nameserver = "192.168.86.26"; # TODO: Add fallback 8.8.8.8 (create imperatively then use nm2nix)
 autoconnect = false;
 };
 };
diff --git a/system/servenix/default.nix b/system/servenix/default.nix
index 91d632e7..a42b6bf7 100644
--- a/system/servenix/default.nix
+++ b/system/servenix/default.nix
@@ -52,7 +52,7 @@
 interface = "ens18";
 ips = ["192.168.86.25/24"];
 routers = ["192.168.86.5"];
- nameservers = ["192.168.86.26" "8.8.8.8"];
+ nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 192.168.86.26
 routable = true;
 };
 };
diff --git a/system/thinknix/default.nix b/system/thinknix/default.nix
index b8b57129..a505d1b7 100644
--- a/system/thinknix/default.nix
+++ b/system/thinknix/default.nix
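Review bot: `nameservers = ["8.8.8.8"];` in the servenix hunk leaves the host with a single resolver, so name resolution now depends on one external address being reachable, which works against the reliability the commit is after. A second, independent upstream would remove that single point of failure, for example `nameservers = ["8.8.8.8" "1.1.1.1"];` (the second address is only an example). Every lookup from the server now also leaves the LAN in plaintext to a third party and bypasses whatever filtering, caching or query logging 192.168.86.26 provides; that role is not visible in this patch, so it is worth confirming that nothing on the host relies on names only the local resolver knows. The same points apply to the `@@ -40,7 +40,7 @@` hunk in system/thinknix/default.nix. The enclosing attribute set starts and ends outside the hunk.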
@@ -40,7 +40,7 @@
 interface = "ens18";
 ips = ["192.168.86.26/24"];
 routers = ["192.168.86.5"];
- nameservers = ["127.0.0.1" "8.8.8.8"];
+ nameservers = ["8.8.8.8"]; # NOTE: Use reliable DNS for servers instead of 127.0.0.1
 routable = true;
 };
 };
@@ -69,20 +69,28 @@
 # ${pkgs.iproute2}/bin/ip netns add ${name}
 # '';
+ # postSetup = ''
+ # ${pkgs.iptables}/bin/iptables -A FORWARD -i vps-wg-client -j ACCEPT
+ # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
+ # '';
+ # postShutdown = ''
+ # ${pkgs.iptables}/bin/iptables -D FORWARD -i vps-wg-client -j ACCEPT
+ # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
+ # '';
 postSetup = ''
- ${pkgs.iptables}/bin/iptables -A FORWARD -i vps-wg-client -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE
+ ${pkgs.iptables} -A FORWARD -i wg0-client -j ACCEPT
+ ${pkgs.iptables} -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 '';
 postShutdown = ''
- ${pkgs.iptables}/bin/iptables -D FORWARD -i vps-wg-client -j ACCEPT
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE
+ ${pkgs.iptables} -D FORWARD -i wg0-client -j ACCEPT
+ ${pkgs.iptables} -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 '';
 peers = [
 {
 name = "chriphost-vps";
 publicKey = "w/U8p9fizw0jk8PFaMZXV1N49Ws+q6mUHzNFYtoDTS8=";
- endpoint = "vps.chriphost.de:51820";
+ endpoint = "212.227.233.241:51820";
 allowedIPs = [
 "10.10.10.0/24"
 ];
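Review bot: The new `postSetup` and `postShutdown` commands in the `@@ -69,20 +69,28 @@` hunk begin with `${pkgs.iptables}`, which interpolates to the package's store directory rather than the `iptables` executable, so as written neither the FORWARD accept rule nor the MASQUERADE rule would be installed or removed; the commented-out originals used `${pkgs.iptables}/bin/iptables`. The rules also name `wg0-client` and `eth0`, while the static profile in the first hunk of this file is on `ens18` and the previous rules matched `vps-wg-client`, so unless the interfaces were renamed outside this hunk the rules would not match this host's traffic. I would keep the earlier form, e.g. `${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE`, and drop the commented copy rather than carrying both. The change of `endpoint` to a literal address deserves a short comment such as `# literal IP, presumably so the tunnel does not depend on DNS; update if the VPS address changes`. The enclosing attribute set starts and ends outside the hunk.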