feat(networking): replace nextdns with self-hosted adguardhome

2025-05-10 17:24:29 +02:00 · 2025-05-10 17:24:29 +02:00 · 3fbf1a4436
commit 3fbf1a4436
parent 09554029fe
1 changed files with 29 additions and 14 deletions
--- a/system/networking.nix
+++ b/system/networking.nix
@ -1,10 +1,25 @@
-{ config, ... }:
+{ config, lib, ... }:

+let
+  isAdguardHost = config.services.adguardhome.enable;
+  nameservers = {
+    local = [
+      "127.0.0.1"
+      "::1"
+    ];
+    remote = [
+      # LAN
+      "192.168.1.102#dns.felschr.com"
+      "fd1c:ca95:d74d::102#dns.felschr.com"
+
+      # Tailnet
+      "100.97.32.60#dns.felschr.com"
+      "fd7a:115c:a1e0::a0a1:203c#dns.felschr.com"
+    ];
+  };
+in
 {
-  networking.nameservers = [
-    "127.0.0.1"
-    "::1"
-  ];
+  networking.nameservers = if isAdguardHost then nameservers.local else nameservers.remote;

  networking.nftables.enable = true;
  networking.networkmanager = {
@ -20,15 +35,15 @@
  services.dnsmasq.enable = false;
  services.resolved = {
    enable = true;
-    # don't use fallback resolvers
-    fallbackDns = [ ];
-  };
-
-  services.nextdns = {
-    enable = true;
-    arguments = [
-      "-config"
-      "b8e2f7"
+    dnsovertls = if isAdguardHost then "opportunistic" else "true";
+    fallbackDns = [
+      "194.242.2.2#dns.mullvad.net"
+      "194.242.2.4#base.dns.mullvad.net"
+      "1.1.1.1#one.one.one.one"
+      "1.0.0.1#one.one.one.one"
    ];
+    extraConfig = lib.mkIf isAdguardHost ''
+      DNSStubListener=no
+    '';
  };
 }