system/settings/services/kresd.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

{ config, lib, pkgs, ... }:

let
  nextdnsConfig = "abd6e5";
  hostname = config.networking.hostName;
in
{
  services.kresd = {
    enable = true;
    extraConfig = ''
      cache.size = 100*MB
      cache.min_ttl(3 * 3600)

      policy.add(policy.all(policy.TLS_FORWARD({
        {'45.90.28.0', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
        {'2a07:a8c0::', hostname='${hostname}-${nextdnsConfig}.dns1.nextdns.io'},
        {'45.90.30.0', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'},
        {'2a07:a8c1::', hostname='${hostname}-${nextdnsConfig}.dns2.nextdns.io'}
      })))
    '';
  };
}