-rw-r--r--system/modules/nextdns.nix57
1 files changed, 27 insertions, 30 deletions
diff --git a/system/modules/nextdns.nix b/system/modules/nextdns.nix
index 6de4acdb..2b7cd23b 100644
--- a/system/modules/nextdns.nix
+++ b/system/modules/nextdns.nix
@@ -56,37 +56,34 @@ in
         "45.90.30.25"
       ];
     } else {
-      networking.networkmanager.dns = "none";
+      networkmanager.dns = "none";
       resolvconf.useLocalResolver = true;
     };
-    services = if cfg.resolver == "kresd" then {
-      kresd = {
-        enable = true;
-        extraConfig = ''
-          policy.add(policy.all(policy.TLS_FORWARD({
-            {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-            {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
-            {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
-            {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
-          })))
-        '';
-      };
-    } else if cfg.resolver == "stubby" then {
-      stubby = {
-        enable = cfg.resolver == "stubby";
-        fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
-        roundRobinUpstreams = lib.mkDefault false;
-        upstreamServers = ''
-          - address_data: 45.90.28.0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-          - address_data: 2a07:a8c0::0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
-          - address_data: 45.90.30.0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-          - address_data: 2a07:a8c1::0
-            tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
-        '';
-      };
-    } else abort "Cannot configure resolver ${cfg.resolver}";
+    services.kresd = mkIf (cfg.resolver == "kresd") {
+      enable = true;
+      extraConfig = ''
+        policy.add(policy.all(policy.TLS_FORWARD({
+        {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+        {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
+        {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
+        })))
+      '';
+    };
+    services.stubby = mkIf (cfg.resolver == "stubby") {
+      enable = true;
+      fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
+      roundRobinUpstreams = lib.mkDefault false;
+      upstreamServers = ''
+        - address_data: 45.90.28.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+        - address_data: 2a07:a8c0::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+        - address_data: 45.90.30.0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+        - address_data: 2a07:a8c1::0
+        tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+      '';
+    };
   };
 }
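Review bot: In the new `services.stubby` block, each `tls_auth_name:` line in `upstreamServers` now sits at the same indent as its `- address_data:` line, so once Nix strips the common indentation the key is no longer part of the list item it belongs to. `tls_auth_name` ties each NextDNS address to the certificate name stubby verifies, so the result is at best a YAML parse failure at service start and at worst upstreams with no name to authenticate. Indent those four lines two spaces deeper than `- address_data:`, as the removed lines did, unless the flattening is only an artifact of how this page renders whitespace. Separately, with the `abort "Cannot configure resolver ${cfg.resolver}"` branch gone, a value that reaches this `else` branch and is neither `kresd` nor `stubby` enables no service while `networkmanager.dns = "none"` and `resolvconf.useLocalResolver = true` still apply, which would leave the host without a working local resolver. If the option is not declared as an enum outside this hunk, an `assertions` entry carrying the removed message would keep that failure visible at evaluation time. The enclosing attribute set and the condition of the `else` branch start outside the hunk.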