diff options
| author | Alan Pearce | 2019-11-22 22:13:49 +0100 |
|---|---|---|
| committer | Alan Pearce | 2019-11-23 16:34:20 +0100 |
| commit | 21fedc95280e015a3cc415e51d6607e5ca603ba8 (patch) | |
| tree | 0c4657d489a82d814df37ccc88dfc21834d09bd0 /system/modules | |
| parent | d04c17a8d7c3f613e8bf19d949f0aa927df54fb7 (diff) | |
| download | nixfiles-21fedc95280e015a3cc415e51d6607e5ca603ba8.tar.lz nixfiles-21fedc95280e015a3cc415e51d6607e5ca603ba8.tar.zst nixfiles-21fedc95280e015a3cc415e51d6607e5ca603ba8.zip | |
nextdns: fix infinite recursion
Diffstat (limited to 'system/modules')
| -rw-r--r-- | system/modules/nextdns.nix | 57 |
1 files changed, 27 insertions, 30 deletions
diff --git a/system/modules/nextdns.nix b/system/modules/nextdns.nix index 6de4acdb..2b7cd23b 100644 --- a/system/modules/nextdns.nix +++ b/system/modules/nextdns.nix @@ -56,37 +56,34 @@ in "45.90.30.25" ]; } else { - networking.networkmanager.dns = "none"; + networkmanager.dns = "none"; resolvconf.useLocalResolver = true; }; - services = if cfg.resolver == "kresd" then { - kresd = { - enable = true; - extraConfig = '' - policy.add(policy.all(policy.TLS_FORWARD({ - {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, - {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, - {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}, - {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'} - }))) - ''; - }; - } else if cfg.resolver == "stubby" then { - stubby = { - enable = cfg.resolver == "stubby"; - fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ]; - roundRobinUpstreams = lib.mkDefault false; - upstreamServers = '' - - address_data: 45.90.28.0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" - - address_data: 2a07:a8c0::0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" - - address_data: 45.90.30.0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" - - address_data: 2a07:a8c1::0 - tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" - ''; - }; - } else abort "Cannot configure resolver ${cfg.resolver}"; + services.kresd = mkIf (cfg.resolver == "kresd") { + enable = true; + extraConfig = '' + policy.add(policy.all(policy.TLS_FORWARD({ + {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, + {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'}, + {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}, + {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'} + }))) + ''; + }; + services.stubby = mkIf (cfg.resolver == "stubby") { + enable = true; + fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ]; + roundRobinUpstreams = lib.mkDefault false; + upstreamServers = '' + - address_data: 45.90.28.0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" + - address_data: 2a07:a8c0::0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io" + - address_data: 45.90.30.0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" + - address_data: 2a07:a8c1::0 + tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io" + ''; + }; }; } |