author | Alan Pearce | 2019-10-23 12:00:10 +0200 |
---|---|---|
committer | Alan Pearce | 2019-10-23 12:00:10 +0200 |
commit | a551b1a4227de9d0ebfea70d65614d0c63d092e9 (patch) | |
tree | 3fe0ed4e4b15308405632aae191f56340b312aaf | |
parent | e790af5945e38ab65fb75c105ad292b8da440d34 (diff) | |
network-manager: use unbound+stubby for cached DNS-over-TLS
-rw-r--r-- | system/settings/hardware/network-manager.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix
index f28548a1..4fc762d5 100644
--- a/system/settings/hardware/network-manager.nix
+++ b/system/settings/hardware/network-manager.nix
@@ -1,10 +1,32 @@
 { config, pkgs, ... }:
-{ networking.networkmanager = {
- enable = true;
- dns = "unbound";
+{
+ networking = {
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
 };
+ services.unbound = {
+ enable = true;
+ forwardAddresses = [ "127.0.0.1@5353" ];
+ };
+ services.stubby = {
+ enable = true;
+ roundRobinUpstreams = false;
+ listenAddresses = [ "127.0.0.1@5353" "0::1@5353" ];
+ upstreamServers = ''
+ - address_data: 45.90.28.0
+ tls_auth_name: "abd6e5.dns1.nextdns.io"
+ - address_data: 2a07:a8c0::0
+ tls_auth_name: "abd6e5.dns1.nextdns.io"
+ - address_data: 45.90.30.0
+ tls_auth_name: "abd6e5.dns2.nextdns.io"
+ - address_data: 2a07:a8c1::0
+ tls_auth_name: "abd6e5.dns2.nextdns.io"
+ '';
+ };
 environment.systemPackages = with pkgs; [
 networkmanagerapplet
 networkmanager_dmenu |
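Review bot: Nothing in this hunk points the system resolver at unbound: with `dns = "none"` NetworkManager stops managing /etc/resolv.conf, so whether lookups actually pass through unbound and stubby depends on settings outside this diff. If they do not, queries either fail or go out in plaintext to whatever resolver is left in that file, which would defeat the DNS-over-TLS setup; stating it explicitly with `networking.nameservers = [ "127.0.0.1" "::1" ];` and confirming that no port-53 traffic leaves the host would settle it. Separately, stubby is bound to port 5353, which is the mDNS port and is likely to clash with Avahi if that is ever enabled on this machine, so another unprivileged port would be safer. The `upstreamServers` entries carry no `tls_pubkey_pinset`, so upstream authentication rests on the `tls_auth_name` check alone; a short comment saying that strict authentication is being relied on (it appears to be the module default, worth confirming) would document the intent.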