blob: ba6e9a21e1024e31b90086d859c082781e1dcd7c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
{
pkgs,
lib,
config,
inputs,
...
}: {
imports = [];
config = {
networking = {
firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [];
checkReversePath = "loose";
};
networkmanager.enable = true;
useDHCP = false;
nameservers = ["127.0.0.1" "::1"];
networkmanager.dns = "none";
extraHosts = ''
100.99.246.128 pc
100.105.242.70 phone
100.109.155.123 vm
100.67.217.90 vps
'';
};
# Don't wait for network startup
# https://old.reddit.com/r/NixOS/comments/vdz86j/how_to_remove_boot_dependency_on_network_for_a
systemd = {
targets.network-online.wantedBy = pkgs.lib.mkForce []; # Normally ["multi-user.target"]
services.NetworkManager-wait-online.wantedBy = pkgs.lib.mkForce []; # Normally ["network-online.target"]
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
server_names = []; # tailscale magicdns
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
};
}
|