all repos — nixfiles @ 0d8bb44c1187043427c2882b71fc03af12a6fe43

System and user configuration, managed by nix and home-manager

nextdns: fix darwin incompatibility
Alan Pearce alan@alanpearce.eu
Fri, 29 Nov 2019 18:57:04 +0100
commit

0d8bb44c1187043427c2882b71fc03af12a6fe43

parent

e786b823d0537ccd6946fa93322ce260c6f37f00

1 files changed, 33 insertions(+), 26 deletions(-)

M system/modules/nextdns.nixsystem/modules/nextdns.nix
@@ -8,6 +8,34 @@   cfg = config.networking.nextdns;
 
   identifyingPrefix = if cfg.identifyDevice then "${config.networking.hostName}-" else "";
+
+  kresdConfig = {
+    enable = true;
+    extraConfig = ''
+      policy.add(policy.all(policy.TLS_FORWARD({
+        {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
+        {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
+      })))
+    '';
+  };
+
+  stubbyConfig = {
+    enable = true;
+    fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
+    roundRobinUpstreams = lib.mkDefault false;
+    upstreamServers = ''
+      - address_data: 45.90.28.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+      - address_data: 2a07:a8c0::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+      - address_data: 45.90.30.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+      - address_data: 2a07:a8c1::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+    '';
+  };
 in
 {
   options = {
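Review bot: When `cfg.identifyDevice` is set, `identifyingPrefix` places `config.networking.hostName` in every `hostname=` and `tls_auth_name` value of `kresdConfig` and `stubbyConfig`. DNS-over-TLS clients normally send that name as the cleartext TLS server name, so the machine name and `cfg.configID` are probably visible to anyone on the network path even though the queries are encrypted. A comment above `identifyingPrefix` should record that, for example `# NOTE: hostName and configID end up in the TLS server name (SNI), which is not encrypted`. Both values are also interpolated unescaped into a Lua string literal and a YAML scalar; unless the option declarations (outside this hunk) already restrict them, a type such as `types.strMatching "[A-Za-z0-9-]+"` on `configID` would stop a stray quote from altering the generated resolver config. Note too that `fallbackProtocols` is only a `lib.mkDefault`, so another module can re-add a plaintext transport without any warning from this one.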
@@ -59,31 +87,10 @@ } else {       networkmanager.dns = "none";
       resolvconf.useLocalResolver = true;
     };
-    services.kresd = mkIf (cfg.resolver == "kresd") {
-      enable = true;
-      extraConfig = ''
-        policy.add(policy.all(policy.TLS_FORWARD({
-        {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-        {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-        {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
-        {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
-        })))
-      '';
-    };
-    services.stubby = mkIf (cfg.resolver == "stubby") {
-      enable = true;
-      fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
-      roundRobinUpstreams = lib.mkDefault false;
-      upstreamServers = ''
-        - address_data: 45.90.28.0
-        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-        - address_data: 2a07:a8c0::0
-        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-        - address_data: 45.90.30.0
-        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-        - address_data: 2a07:a8c1::0
-        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-      '';
-    };
+    services = {
+      stubby = mkIf (cfg.resolver == "stubby") stubbyConfig;
+    } // (if !stdenv.isDarwin then {
+      kresd = mkIf (cfg.resolver == "kresd") kresdConfig;
+    } else {});
   };
 }
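Review bot: On Darwin the `kresd` attribute is dropped from `services` altogether, so a configuration with `cfg.resolver == "kresd"` still evaluates cleanly but starts no forwarder. Depending on what the Darwin branch of the `networking` block sets (it lies outside this hunk), the machine then has either no working DNS or silently keeps its default, unencrypted resolver. Failing evaluation is safer than failing open: `assertions = [{ assertion = !(stdenv.isDarwin && cfg.resolver == "kresd"); message = "nextdns: kresd is not available on darwin, use stubby"; }];`, assuming the module system used on Darwin exposes `assertions`. A short comment on the `//` merge explaining why kresd is excluded there would also help the next reader.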