From a551b1a4227de9d0ebfea70d65614d0c63d092e9 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Wed, 23 Oct 2019 12:00:10 +0200 Subject: network-manager: use unbound+stubby for cached DNS-over-TLS --- system/settings/hardware/network-manager.nix | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix index f28548a1..4fc762d5 100644 --- a/system/settings/hardware/network-manager.nix +++ b/system/settings/hardware/network-manager.nix @@ -1,10 +1,32 @@ { config, pkgs, ... }: -{ networking.networkmanager = { - enable = true; - dns = "unbound"; +{ + networking = { + networkmanager = { + enable = true; + dns = "none"; + }; }; + services.unbound = { + enable = true; + forwardAddresses = [ "127.0.0.1@5353" ]; + }; + services.stubby = { + enable = true; + roundRobinUpstreams = false; + listenAddresses = [ "127.0.0.1@5353" "0::1@5353" ]; + upstreamServers = '' + - address_data: 45.90.28.0 + tls_auth_name: "abd6e5.dns1.nextdns.io" + - address_data: 2a07:a8c0::0 + tls_auth_name: "abd6e5.dns1.nextdns.io" + - address_data: 45.90.30.0 + tls_auth_name: "abd6e5.dns2.nextdns.io" + - address_data: 2a07:a8c1::0 + tls_auth_name: "abd6e5.dns2.nextdns.io" + ''; + }; environment.systemPackages = with pkgs; [ networkmanagerapplet networkmanager_dmenu -- cgit 1.4.1