-rw-r--r-- | system/settings/hardware/network-manager.nix | 38 |
1 files changed, 20 insertions, 18 deletions
diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix
index 4fc762d5..9b0e2532 100644
--- a/system/settings/hardware/network-manager.nix
+++ b/system/settings/hardware/network-manager.nix
@@ -1,30 +1,32 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+let
+ nextdnsConfig = "abd6e5";
+ hostname = config.networking.hostName;
+in
 {
 networking = {
 networkmanager = {
 enable = true;
- dns = "none";
+ dns = lib.mkForce "none";
+ };
+ resolvconf = {
+ useLocalResolver = true;
 };
 };
- services.unbound = {
- enable = true;
- forwardAddresses = [ "127.0.0.1@5353" ];
- };
- services.stubby = {
+ services.kresd = {
 enable = true;
- roundRobinUpstreams = false;
- listenAddresses = [ "127.0.0.1@5353" "0::1@5353" ];
- upstreamServers = ''
- - address_data: 45.90.28.0
- tls_auth_name: "abd6e5.dns1.nextdns.io"
- - address_data: 2a07:a8c0::0
- tls_auth_name: "abd6e5.dns1.nextdns.io"
- - address_data: 45.90.30.0
- tls_auth_name: "abd6e5.dns2.nextdns.io"
- - address_data: 2a07:a8c1::0
- tls_auth_name: "abd6e5.dns2.nextdns.io"
+ extraConfig = ''
+ cache.size = 100*MB
+ cache.min_ttl(3 * 3600)
+
+ policy.add(policy.all(policy.TLS_FORWARD({
+ {'45.90.28.0', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
+ {'2a07:a8c0::', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
+ {'45.90.30.0', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'},
+ {'2a07:a8c1::', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'}
+ })))
 '';
 };
 environment.systemPackages = with pkgs; [ |
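Review bot: `cache.min_ttl(3 * 3600)` in `services.kresd.extraConfig` keeps every cached answer for at least three hours regardless of the TTL the zone published. A record that was wrong, hijacked or later blocked upstream therefore keeps being served locally long after it is corrected, and short-TTL failover records go stale. I would drop the line or use a small floor such as `cache.min_ttl(60)`, with a comment saying why a floor is wanted at all. Separately, the `hostname=` values now embed `config.networking.hostName`; that name is what the certificate is verified against and is presumably also sent as cleartext TLS SNI, so the machine name and the NextDNS profile id become visible to on-path observers. A one-line comment there would show that this is a deliberate choice.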