summaryrefslogtreecommitdiffstats
path: root/lass/2configs/dns-stuff.nix
blob: 411b075034d8937a2cfac9b7232bab22531ce6f7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
{ config, pkgs, ... }:
with import <stockholm/lib>;
{
  services.dnscrypt-proxy = {
    enable = true;
    localAddress = "127.1.0.1";
    customResolver = {
      address = config.krebs.hosts.gum.nets.internet.ip4.addr;
      port = 15251;
      name = "2.dnscrypt-cert.euer.krebsco.de";
      key = "1AFC:E58D:F242:0FBB:9EE9:4E51:47F4:5373:D9AE:C2AB:DD96:8448:333D:5D79:272C:A44C";
    };
  };
  services.dnsmasq = {
    enable = true;
    resolveLocalQueries = false;
    extraConfig = ''
      server=127.1.0.1
      #no-resolv
      cache-size=1000
      min-cache-ttl=3600
      bind-dynamic
      all-servers
      dnssec
      trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
      rebind-domain-ok=/onion/
      server=/.onion/127.0.0.1#9053
      port=53
    '';
  };
  networking.extraResolvconfConf = ''
    name_servers='127.0.0.1'
  '';
}