From c5cdc1e4ab3eb3c623d1497d55eafe3baccd3e70 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Mon, 10 Feb 2025 10:46:34 +0100
Subject: [PATCH] feat(google-tdx): disable LLMNR and MulticastDNS
- Configured resolved service, disabling LLMNR and MulticastDNS for improved resolution settings.
- Removed commented-out Prometheus Node config
Signed-off-by: Harald Hoyer
---
 packages/tdx_google/configuration.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/packages/tdx_google/configuration.nix b/packages/tdx_google/configuration.nix
index c25618c..9a23de8 100644
--- a/packages/tdx_google/configuration.nix
+++ b/packages/tdx_google/configuration.nix
@@ -26,6 +26,13 @@
 networking.firewall.allowedTCPPortRanges = [{ from = 1024; to = 65535; }];
 networking.firewall.allowedUDPPortRanges = [{ from = 1024; to = 65535; }];
+ services.resolved.enable = true;
+ services.resolved.llmnr = "false";
+ services.resolved.extraConfig = ''
+ [Resolve]
+ MulticastDNS=no
+ '';
+
 networking.useNetworkd = lib.mkDefault true;
 # don't fill up the logs
@@ -80,8 +87,6 @@
 disabledCollectors = [
 "textfile"
 ];
- #openFirewall = true;
- #firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
 };
 environment.systemPackages = with pkgs; [
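Review bot: The added `services.resolved` settings in the first hunk have no comment explaining why they matter here, although the reason sits in the context lines just above them: the firewall ranges open TCP and UDP 1024-65535, which covers the LLMNR (5355) and mDNS (5353) ports, so the packet filter would not keep either responder off the network. I would put a comment above `services.resolved.enable`, such as `# LLMNR (5355) and mDNS (5353) are inside the open 1024-65535 range; keep resolved from using either`. After building the image it is worth confirming with `resolvectl status` that both protocols show as disabled, given that networkd is enabled on the next line and links can carry their own settings. The `[Resolve]` header inside `extraConfig` is probably redundant if the NixOS module already opens that section; harmless, but worth confirming. The enclosing attribute set starts and ends outside this hunk, so other resolver or firewall settings may exist that are not visible here.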