felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat: switch from dnscrypt-proxy to nextdns

Browse source
This commit is contained in:
Felix Schröter 2024-03-07 20:05:19 +01:00
parent 478ebafdbd
commit fe49304110
Signed by: felschr
GPG key ID: 671E39E6744C807D
1 changed files with 6 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
system/networking.nix
View file

@ -1,39 +1,18 @@
{ lib, ... }: { config, ... }:
{ {
networking.nameservers = [ "127.0.0.1" "::1" ]; networking.nameservers = [ "127.0.0.1" "::1" ];
networking.networkmanager.dns = "systemd-resolved";
services.dnsmasq.enable = false;
services.resolved = { services.resolved = {
enable = true; enable = true;
# don't use fallback resolvers # don't use fallback resolvers
fallbackDns = [ "127.0.0.1" "::1" ]; fallbackDns = config.networking.nameservers;
}; };
services.dnscrypt-proxy2 = { services.nextdns = {
enable = true; enable = true;
settings = { arguments = [ "-config" "b8e2f7" ];
listen_addresses = [ "127.0.0.1:53" "[::1]:53" ];
ipv6_servers = true;
require_nolog = true;
require_dnssec = true;
http3 = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key =
"RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
server_names = [ "mullvad-doh" "controld-unfiltered" ];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = lib.mkForce "dnscrypt-proxy2";
}; };
} }