jahanson/nix-config-tn
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
This repository has been archived on 2024-07-08. You can view files and clone it, but cannot push or open issues or pull requests.
nix-config-tn/nixos/hosts/common/optional/dnscrypt-proxy2.nix

44 lines
1.5 KiB
Nix
Raw Normal View History

feat: initial commit
2024-03-13 06:55:17 -05:00
# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
{ inputs, outputs, pkgs, config, ... }: {
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
fix: setting up sops
2024-03-16 07:46:36 -05:00
config.services.resolved.enable = false;
# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
# causing a risk of no dns if service fails.
config.networking = {
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
feat: initial commit
2024-03-13 06:55:17 -05:00
dhcpcd.extraConfig = "nohook resolv.conf";
};
feat: sops on dnscrypt
2024-03-16 08:19:54 -05:00
config.users.users.dnscrypt.isSystemUser = true;
config.users.users.dnscrypt.group = "dnscrypt";
config.users.groups.dnscrypt = { };
fix: setting up sops
2024-03-16 07:46:36 -05:00
# configure secret for forwarding rules
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
feat: sops on dnscrypt
2024-03-16 08:19:54 -05:00
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444";
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path = "/run/dnscrypt-forwarding-rules.txt";
fix: setting up sops
2024-03-16 07:46:36 -05:00
# Restart dnscrypt when secret changes
feat: sops on dnscrypt
2024-03-16 08:19:54 -05:00
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
fix: setting up sops
2024-03-16 07:46:36 -05:00
config.services.dnscrypt-proxy2 = {
feat: initial commit
2024-03-13 06:55:17 -05:00
enable = true;
settings = {
fix: setting up sops
2024-03-16 07:46:36 -05:00
require_dnssec = true;
forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
server_names = [ "NextDNS-f6fe35" ];
static = {
"NextDNS-f6fe35" = {
stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
feat: initial commit
2024-03-13 06:55:17 -05:00
};
fix: setting up sops
2024-03-16 07:46:36 -05:00
};
feat: initial commit
2024-03-13 06:55:17 -05:00
};
};
}
Reference in a new issue Copy permalink