From 21fedc95280e015a3cc415e51d6607e5ca603ba8 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Fri, 22 Nov 2019 22:13:49 +0100
Subject: nextdns: fix infinite recursion
---
system/modules/nextdns.nix | 57 ++++++++++++++++++++++------------------------
1 file changed, 27 insertions(+), 30 deletions(-)
(limited to 'system')
diff --git a/system/modules/nextdns.nix b/system/modules/nextdns.nix
index 6de4acdb..2b7cd23b 100644
--- a/system/modules/nextdns.nix
+++ b/system/modules/nextdns.nix
@@ -56,37 +56,34 @@ in
 "45.90.30.25"
 ];
 } else {
- networking.networkmanager.dns = "none";
+ networkmanager.dns = "none";
 resolvconf.useLocalResolver = true;
 };
- services = if cfg.resolver == "kresd" then {
- kresd = {
- enable = true;
- extraConfig = ''
- policy.add(policy.all(policy.TLS_FORWARD({
- {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
- {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
- {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
- {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
- })))
- '';
- };
- } else if cfg.resolver == "stubby" then {
- stubby = {
- enable = cfg.resolver == "stubby";
- fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
- roundRobinUpstreams = lib.mkDefault false;
- upstreamServers = ''
- - address_data: 45.90.28.0
- tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
- - address_data: 2a07:a8c0::0
- tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
- - address_data: 45.90.30.0
- tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
- - address_data: 2a07:a8c1::0
- tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
- '';
- };
- } else abort "Cannot configure resolver ${cfg.resolver}";
+ services.kresd = mkIf (cfg.resolver == "kresd") {
+ enable = true;
+ extraConfig = ''
+ policy.add(policy.all(policy.TLS_FORWARD({
+ {'45.90.28.0', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+ {'2a07:a8c0::', hostname='${identifyingPrefix}${cfg.configID}.dns1.nextdns.io'},
+ {'45.90.30.0', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'},
+ {'2a07:a8c1::', hostname='${identifyingPrefix}${cfg.configID}.dns2.nextdns.io'}
+ })))
+ '';
+ };
+ services.stubby = mkIf (cfg.resolver == "stubby") {
+ enable = true;
+ fallbackProtocols = lib.mkDefault [ "GETDNS_TRANSPORT_TLS" ];
+ roundRobinUpstreams = lib.mkDefault false;
+ upstreamServers = ''
+ - address_data: 45.90.28.0
+ tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+ - address_data: 2a07:a8c0::0
+ tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns1.nextdns.io"
+ - address_data: 45.90.30.0
+ tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+ - address_data: 2a07:a8c1::0
+ tls_auth_name: "${identifyingPrefix}${cfg.configID}.dns2.nextdns.io"
+ '';
+ };
 };
 }
-- cgit 1.4.1
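Review bot: An unsupported `cfg.resolver` value no longer stops evaluation, because the two `mkIf` blocks replace the chain that ended in `else abort "Cannot configure resolver ${cfg.resolver}"`. With a mistyped value neither `services.kresd` nor `services.stubby` is enabled, so the host can end up without the DNS-over-TLS forwarder the module is meant to provide, and nothing reports it. The option declaration and the condition guarding the `networking` branches are outside this hunk, so a `types.enum` may already rule this out. If it does not, an assertion should restore the early failure without bringing back the recursion: `assertions = [ { assertion = builtins.elem cfg.resolver supportedResolvers; message = "Cannot configure resolver ${cfg.resolver}"; } ];`, where `supportedResolvers` is a placeholder for the list of values the module accepts.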