all repos — nixfiles @ 21fedc95280e015a3cc415e51d6607e5ca603ba8

System and user configuration, managed by nix and home-manager

nextdns: fix infinite recursion
Alan Pearce alan@alanpearce.eu
Fri, 22 Nov 2019 22:13:49 +0100
commit

21fedc95280e015a3cc415e51d6607e5ca603ba8

parent

d04c17a8d7c3f613e8bf19d949f0aa927df54fb7

1 files changed, 27 insertions(+), 30 deletions(-)

M system/modules/nextdns.nixsystem/modules/nextdns.nix
@@ -56,37 +56,34 @@ "45.90.28.25"         "45.90.30.25"
       ];
     } else {
-      networking.networkmanager.dns = "none";
+      networkmanager.dns = "none";
       resolvconf.useLocalResolver = true;
     };
-    services = if cfg.resolver == "kresd" then {
-      kresd = {
-        enable = true;
-        extraConfig = ''
-          policy.add(policy.all(policy.TLS_FORWARD({
-            {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-            {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-            {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
-            {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
-          })))
-        '';
-      };
-    } else if cfg.resolver == "stubby" then {
-      stubby = {
-        enable = cfg.resolver == "stubby";
-        fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
-        roundRobinUpstreams = lib.mkDefault false;
-        upstreamServers = ''
-          - address_data: 45.90.28.0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-          - address_data: 2a07:a8c0::0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-          - address_data: 45.90.30.0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-          - address_data: 2a07:a8c1::0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-        '';
-      };
-    } else abort "Cannot configure resolver ${cfg.resolver}";
+    services.kresd = mkIf (cfg.resolver == "kresd") {
+      enable = true;
+      extraConfig = ''
+        policy.add(policy.all(policy.TLS_FORWARD({
+        {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
+        {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
+        })))
+      '';
+    };
+    services.stubby = mkIf (cfg.resolver == "stubby") {
+      enable = true;
+      fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
+      roundRobinUpstreams = lib.mkDefault false;
+      upstreamServers = ''
+        - address_data: 45.90.28.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+        - address_data: 2a07:a8c0::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+        - address_data: 45.90.30.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+        - address_data: 2a07:a8c1::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+      '';
+    };
   };
 }
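Review bot: The four `tls_auth_name:` lines in the new `services.stubby.upstreamServers` string sit at the same indentation as their `- address_data:` lines, whereas the removed version nested them two spaces deeper. That string is YAML and Nix strips only the common leading indent, so the names would no longer be keys of each upstream entry; stubby may then reject the config or lose the hostname it authenticates the DNS-over-TLS upstream against, which is worth confirming against the generated stubby config. Restore the nesting by indenting each `tls_auth_name:` line two spaces further than the `- address_data:` line above it. Separately, dropping the `else abort "Cannot configure resolver ${cfg.resolver}"` branch means an unsupported value now evaluates silently while `resolvconf.useLocalResolver = true` can still be set; unless the option is declared as an enum outside this hunk, an `assertions` entry would keep that failure loud. The enclosing attribute set opens above the hunk.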