xin/configs/dns.nix

38 lines
869 B
Nix
Raw Normal View History

2023-07-11 09:12:50 -06:00
{
config,
lib,
...
}:
2022-08-25 12:21:35 -06:00
with lib; {
options = {
preDNS = {
enable = mkOption {
description = "Enable DNSSEC";
default = true;
example = true;
type = lib.types.bool;
};
};
};
config = mkIf config.preDNS.enable {
services = {
openntpd.enable = true;
resolved = {
enable = true;
dnssec = "allow-downgrade";
# TODO: Enable a toggle for ipv6
2023-07-11 09:12:50 -06:00
fallbackDns = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"];
2022-08-25 12:21:35 -06:00
extraConfig = ''
[Resolve]
DNS=45.90.28.0#8436c6.dns1.nextdns.io
DNS=2a07:a8c0::#8436c6.dns1.nextdns.io
DNS=45.90.30.0#8436c6.dns2.nextdns.io
DNS=2a07:a8c1::#8436c6.dns2.nextdns.io
DNSOverTLS=yes
2023-07-11 09:12:50 -06:00
'';
2022-08-25 12:21:35 -06:00
};
};
}; # tailscale and what not have no preDNS
}