2023-09-12 08:44:05 -06:00
|
|
|
{ config
|
|
|
|
, lib
|
|
|
|
, ...
|
2023-07-11 09:12:50 -06:00
|
|
|
}:
|
2022-08-25 12:21:35 -06:00
|
|
|
with lib; {
|
|
|
|
options = {
|
|
|
|
preDNS = {
|
|
|
|
enable = mkOption {
|
|
|
|
description = "Enable DNSSEC";
|
|
|
|
default = true;
|
|
|
|
example = true;
|
|
|
|
type = lib.types.bool;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkIf config.preDNS.enable {
|
|
|
|
services = {
|
|
|
|
openntpd.enable = true;
|
|
|
|
resolved = {
|
|
|
|
enable = true;
|
|
|
|
dnssec = "allow-downgrade";
|
|
|
|
# TODO: Enable a toggle for ipv6
|
2023-09-12 08:44:05 -06:00
|
|
|
fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ];
|
2022-08-25 12:21:35 -06:00
|
|
|
extraConfig = ''
|
|
|
|
[Resolve]
|
2024-01-08 07:23:21 -07:00
|
|
|
DNS=45.90.28.0#8436c6.dns.nextdns.io
|
|
|
|
DNS=2a07:a8c0::#8436c6.dns.nextdns.io
|
|
|
|
DNS=45.90.30.0#8436c6.dns.nextdns.io
|
|
|
|
DNS=2a07:a8c1::#8436c6.dns.nextdns.io
|
2022-08-25 12:21:35 -06:00
|
|
|
DNSOverTLS=yes
|
2023-07-11 09:12:50 -06:00
|
|
|
'';
|
2022-08-25 12:21:35 -06:00
|
|
|
};
|
|
|
|
};
|
|
|
|
}; # tailscale and what not have no preDNS
|
|
|
|
}
|