shinobu/router: Use dns over https

For some reason, this makes DNS more reliable.
2023-09-20 22:11:24 +02:00 · 2023-09-20 22:11:24 +02:00 · b10b83c207
parent f1c70dce99
commit b10b83c207
1 changed files with 11 additions and 4 deletions
--- a/machines/shinobu/services/router.nix
+++ b/machines/shinobu/services/router.nix
@ -207,7 +207,6 @@ in
      wg-upstream = {
        name = "wg-upstream";
        address = [ "10.66.208.88/32" "fc00:bbbb:bbbb:bb01::3:d057/128" ];
-        dns = [ "10.64.0.1" ];
        routingPolicyRules = [
          {
            routingPolicyRuleConfig = {
@ -313,9 +312,8 @@ in
      # but from lan instead.
      # So it has to use static configuration.
      host-record = "switchviech,switchviech.${domain},10.80.1.19";
-      server = config.systemd.network.networks.wg-upstream.dns ++ [
-        #"9.9.9.9" # dns.quad9.net
-        #"2620:fe::fe"
+      server = [
+        "127.0.0.1#5053"
      ];
    };
  };
@ -387,4 +385,13 @@ in
      UMask = "0077";
    };
  };
+
+  services.https-dns-proxy = {
+    enable = true;
+    provider = {
+      kind = "custom";
+      ips = [ "9.9.9.9" "149.112.112.112" ];
+      url = "https://dns.quad9.net/dns-query";
+    };
+  };
 }