fuuko/dnsmasq: Replace stubby/DoT with https-dns-proxy/DoH

Simon Bruder 2021-04-10 20:16:08 +02:00
parent bed82e297c
commit 746581ceba
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -1,4 +1,4 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
{ {
services.dnsmasq = { services.dnsmasq = {
@ -30,36 +30,18 @@
leasesPath = "/var/lib/dnsmasq/dnsmasq.leases"; leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
}; };
services.stubby = { systemd.services.https-dns-proxy = {
enable = true; after = [ "network.target" ];
listenAddresses = [ before = [ "nss-lookup.target" ];
"127.0.0.1@5353" wantedBy = [ "multi-user.target" ];
"0::1@5353"
]; serviceConfig = {
upstreamServers = (lib.concatMapStrings Type = "simple";
(server: with server; " - { address_data: ${addr}, tls_auth_name: \"${authName}\" }\n") ExecStart = "${pkgs.https-dns-proxy}/bin/https_dns_proxy -p 5353 -r https://dns.digitale-gesellschaft.ch/dns-query";
(lib.flatten Restart = "on-failure";
(lib.mapAttrsToList TimeoutStopSec = "10";
(authName: addrs: map (addr: { inherit addr authName; }) addrs) DynamicUser = true;
{ };
"dns.digitale-gesellschaft.ch" = [
"185.95.218.42"
"185.95.218.43"
"2a05:fc84::42"
"2a05:fc84::43"
];
"dns3.digitalcourage.de" = [
"5.9.164.112"
];
"dnsovertls.sinodun.com" = [
"145.100.185.15"
"2001:610:1:40ba:145:100:185:15"
];
"dnsovertls1.sinodun.com" = [
"145.100.185.16"
"2001:610:1:40ba:145:100:185:16"
];
})));
}; };
networking.firewall.allowedUDPPorts = [ 53 67 ]; networking.firewall.allowedUDPPorts = [ 53 67 ];
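Review bot: The new `ExecStart` line names the resolver only by hostname and passes no `-b`, so https_dns_proxy must first resolve `dns.digitale-gesellschaft.ch` over plain DNS through its bootstrap servers (by default a built-in list of public third-party resolvers, as far as I know) before any DoH query can be sent. The removed stubby block avoided that lookup by pinning IP addresses next to each `tls_auth_name`. Consider setting the bootstrap resolver explicitly, e.g. appending `-b <BOOTSTRAP_DNS_IP>` for a resolver you choose, with a comment above `ExecStart` explaining why. The change also drops from four upstream providers to one, so a single outage stops resolution and one operator sees every query; a comment or commit-message line recording that trade-off would help. Finally, stubby listened on both `127.0.0.1` and `::1`, while this invocation sets no `-a`; if the dnsmasq upstream list (outside this hunk) still includes the IPv6 loopback on port 5353, that entry will probably go unanswered.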