# NixOS module: host DNS and wired-network setup built on systemd-networkd and
# systemd-resolved. The machine that runs AdGuard Home resolves through its own
# loopback listener; every other machine resolves through the AdGuard instance
# over DNS-over-TLS.
{ config, lib, ... }:

let
  # True on the host where the AdGuard Home service is enabled.
  runsAdguard = config.services.adguardhome.enable;

  # Name globs for the wired links matched by the "10-lan" network below.
  wiredLinkGlobs = [
    "enp*"
    "eth*"
  ];

  # Resolver addresses used on the AdGuard host itself.
  loopbackResolvers = [
    "127.0.0.1"
    "::1"
  ];

  # Resolver addresses used everywhere else. In the "address#name" form,
  # systemd-resolved uses the name after '#' for SNI and for validating the
  # server certificate, so all four addresses must present a certificate that
  # is valid for dns.felschr.com.
  adguardResolvers = [
    # LAN
    "192.168.1.102#dns.felschr.com"
    "fd1c:ca95:d74d::102#dns.felschr.com"

    # Tailnet
    "100.97.32.60#dns.felschr.com"
    "fd7a:115c:a1e0::a0a1:203c#dns.felschr.com"
  ];
in
{
  networking = {
    nameservers = if runsAdguard then loopbackResolvers else adguardResolvers;
    search = [
      "lan"
      "tail05275.ts.net"
    ];

    nftables.enable = true;
    # Has NetworkManager, where it is in use, pass DNS settings to systemd-resolved.
    networkmanager.dns = "systemd-resolved";
  };

  systemd.network = {
    enable = true;
    # tailscale0 is excluded from the wait-online check.
    wait-online.ignoredInterfaces = [ "tailscale0" ];
    networks."10-lan" = {
      matchConfig.Name = wiredLinkGlobs;
      # NOTE(review): with DHCP enabled and no UseDNS override in this file,
      # networkd presumably also hands DHCP-advertised DNS servers to resolved
      # as per-link servers next to the pinned ones above. Confirm that is
      # intended on untrusted networks.
      networkConfig.DHCP = "yes";
    };
  };

  services = {
    dnsmasq.enable = false;

    resolved = {
      enable = true;
      # "true" is strict mode: lookups fail rather than fall back to plaintext
      # when TLS cannot be established. "opportunistic" tries TLS but accepts a
      # downgrade to plaintext, which is what the loopback resolver on the
      # AdGuard host needs if it does not speak DoT.
      # NOTE(review): this setting is global, so on the AdGuard host the
      # fallback servers below are also contacted opportunistically.
      dnsovertls = if !runsAdguard then "true" else "opportunistic";
      # Public resolvers, pinned by TLS name. Per resolved.conf(5) these are
      # consulted only when no other DNS server is known.
      fallbackDns = [
        "194.242.2.2#dns.mullvad.net"
        "194.242.2.4#base.dns.mullvad.net"
        "1.1.1.1#one.one.one.one"
        "1.0.0.1#one.one.one.one"
      ];
      # On the AdGuard host only: turn off resolved's stub listener
      # (presumably so it does not compete with AdGuard Home for port 53).
      extraConfig = lib.mkIf runsAdguard ''
        DNSStubListener=no
      '';
      # DNSSEC validation is not configured in this file.
    };
  };
}