nextdns: fix infinite recursion
Alan Pearce alan@alanpearce.eu
Fri, 22 Nov 2019 22:13:49 +0100
1 files changed, 27 insertions(+), 30 deletions(-)
jump to
M system/modules/nextdns.nix → system/modules/nextdns.nix
@@ -56,37 +56,34 @@ "45.90.28.25" "45.90.30.25" ]; } else { - networking.networkmanager.dns = "none"; + networkmanager.dns = "none"; resolvconf.useLocalResolver = true; }; - services = if cfg.resolver == "kresd" then { - kresd = { - enable = true; - extraConfig = '' - policy.add(policy.all(policy.TLS_FORWARD({ - {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, - {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, - {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}, - {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'} - }))) - ''; - }; - } else if cfg.resolver == "stubby" then { - stubby = { - enable = cfg.resolver == "stubby"; - fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ]; - roundRobinUpstreams = lib.mkDefault false; - upstreamServers = '' - - address_data: 45.90.28.0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" - - address_data: 2a07:a8c0::0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" - - address_data: 45.90.30.0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" - - address_data: 2a07:a8c1::0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" - ''; - }; - } else abort "Cannot configure resolver ${cfg.resolver}"; + services.kresd = mkIf (cfg.resolver == "kresd") { + enable = true; + extraConfig = '' + policy.add(policy.all(policy.TLS_FORWARD({ + {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, + {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, + {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}, + {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'} + }))) + ''; + }; + services.stubby = mkIf (cfg.resolver == "stubby") { + enable = true; + fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ]; + roundRobinUpstreams = lib.mkDefault false; + upstreamServers = '' + - address_data: 45.90.28.0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" + - address_data: 2a07:a8c0::0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" + - address_data: 45.90.30.0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" + - address_data: 2a07:a8c1::0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" + ''; + }; }; }