feat(whitby): Hardcode Google DNS servers r/1363

The Hetzner DNS servers were unhappy after today's Cloudflare outage,
and that broke some of our builds - this wouldn't have happened with
Google DNS!

Change-Id: Ib74c6de9526e739f55d4a9830d945ece35b72138
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1259
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>

1 files changed, 18 insertions, 2 deletions

diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index e3f33350c4..2229b44dd7 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -12,7 +12,7 @@ let
     mkdir -p $out/bin
     ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command
   '';
-in {
+in lib.fix(self: {
   inherit depot;
   imports = [
     "${depot.depotPath}/ops/nixos/clbot.nix"
@@ -106,9 +106,16 @@ in {
     # Glass is boring, but Luke doesn't like Wapping - the Prospect of
     # Whitby, however, is quite a pleasant establishment.
     hostName = "whitby";
+    domain = "tvl.fyi";
     hostId = "b38ca543";
     useDHCP = false;
 
+    # Don't use Hetzner's DNS servers.
+    nameservers = [
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+
     defaultGateway6 = {
       address = "fe80::1";
       interface = "enp196s0";
@@ -125,6 +132,15 @@ in {
     ];
   };
 
+  # Generate an immutable /etc/resolv.conf from the nameserver settings
+  # above (otherwise DHCP overwrites it):
+  environment.etc."resolv.conf" = with lib; {
+    source = depot.third_party.writeText "resolv.conf" ''
+      ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") self.networking.nameservers)}
+      options edns0
+    '';
+  };
+
   time.timeZone = "UTC";
 
   nix = {
@@ -298,4 +314,4 @@ in {
   };
 
   system.stateVersion = "20.03";
-}
+})