-rw-r--r--system/settings/hardware/network-manager.nix38
1 files changed, 20 insertions, 18 deletions
diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix
index 4fc762d5..9b0e2532 100644
--- a/system/settings/hardware/network-manager.nix
+++ b/system/settings/hardware/network-manager.nix
@@ -1,30 +1,32 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 
+let
+  nextdnsConfig = "abd6e5";
+  hostname = config.networking.hostName;
+in
 {
   networking = {
     networkmanager = {
       enable = true;
-      dns = "none";
+      dns = lib.mkForce "none";
+    };
+    resolvconf = {
+      useLocalResolver = true;
     };
   };
 
-  services.unbound = {
-    enable = true;
-    forwardAddresses = [ "127.0.0.1@5353" ];
-  };
-  services.stubby = {
+  services.kresd = {
     enable = true;
-    roundRobinUpstreams = false;
-    listenAddresses = [ "127.0.0.1@5353" "0::1@5353" ];
-    upstreamServers = ''
-      - address_data: 45.90.28.0
-        tls_auth_name: "abd6e5.dns1.nextdns.io"
-      - address_data: 2a07:a8c0::0
-        tls_auth_name: "abd6e5.dns1.nextdns.io"
-      - address_data: 45.90.30.0
-        tls_auth_name: "abd6e5.dns2.nextdns.io"
-      - address_data: 2a07:a8c1::0
-        tls_auth_name: "abd6e5.dns2.nextdns.io"
+    extraConfig = ''
+      cache.size = 100*MB
+      cache.min_ttl(3 * 3600)
+
+      policy.add(policy.all(policy.TLS_FORWARD({
+        {'45.90.28.0', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
+        {'2a07:a8c0::', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
+        {'45.90.30.0', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'},
+        {'2a07:a8c1::', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'}
+      })))
     '';
   };
   environment.systemPackages = with pkgs; [
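Review bot: `cache.min_ttl(3 * 3600)` in the kresd `extraConfig` forces every cached record to live at least three hours regardless of the TTL the upstream returned, so short-TTL records used for failover, records that have been repointed, and answers that change after a NextDNS policy update can stay stale on this host for up to three hours. Consider dropping the line or using a small floor such as `cache.min_ttl(60)`. Separately, the `hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'` values are what the certificate is checked against and are presumably also sent as TLS SNI, which would expose the machine's host name together with the config ID to on-path observers; if that is not wanted, keep only `${nextdnsConfig}` in the name, as the removed stubby config did. The attribute set continues past the end of the hunk.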