network-manager: use unbound+stubby for cached DNS-over-TLS
Alan Pearce alan@alanpearce.eu
Wed, 23 Oct 2019 12:00:10 +0200
1 files changed, 25 insertions(+), 3 deletions(-)
M system/settings/hardware/network-manager.nix → system/settings/hardware/network-manager.nix
@@ -1,10 +1,32 @@
 { config, pkgs, ... }:
-{ networking.networkmanager = {
- enable = true;
- dns = "unbound";
+{
+ networking = {
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ };
 };
+ services.unbound = {
+ enable = true;
+ forwardAddresses = [ "127.0.0.1@5353" ];
+ };
+ services.stubby = {
+ enable = true;
+ roundRobinUpstreams = false;
+ listenAddresses = [ "127.0.0.1@5353" "0::1@5353" ];
+ upstreamServers = ''
+ - address_data: 45.90.28.0
+ tls_auth_name: "abd6e5.dns1.nextdns.io"
+ - address_data: 2a07:a8c0::0
+ tls_auth_name: "abd6e5.dns1.nextdns.io"
+ - address_data: 45.90.30.0
+ tls_auth_name: "abd6e5.dns2.nextdns.io"
+ - address_data: 2a07:a8c1::0
+ tls_auth_name: "abd6e5.dns2.nextdns.io"
+ '';
+ };
 environment.systemPackages = with pkgs; [
 networkmanagerapplet
 networkmanager_dmenu
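Review bot: The new `services.unbound` block forwards to `127.0.0.1@5353`, but unbound's `do-not-query-localhost` defaults to `yes`. Unless the NixOS module already overrides it, the stubby forwarder is likely to be skipped and lookups will fail, so confirm this or add `extraConfig = "do-not-query-localhost: no";`. The `services.stubby` block relies on the module default for strict authentication; setting `authenticationMode = "GETDNS_AUTHENTICATION_REQUIRED";` explicitly would guarantee the `tls_auth_name` entries are enforced rather than opportunistic. With `dns = "none"` NetworkManager no longer writes resolv.conf, so it is worth verifying that the generated file lists only the local unbound address, otherwise queries can leave in plaintext outside the DoT path. The `abd6e5` label in each `tls_auth_name` looks like an account-specific NextDNS configuration ID, which you may not want in a public repository.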