anonymous dns module
This commit is contained in:
parent
3afeaa8934
commit
9ee0b504b1
@ -7,8 +7,6 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
nameservers = [ "127.0.0.1" "::1" ];
|
|
||||||
dhcpcd.extraConfig = "nohook resolv.conf";
|
|
||||||
firewall = pkgs.lib.mkForce {
|
firewall = pkgs.lib.mkForce {
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
@ -62,31 +60,6 @@
|
|||||||
PermitRootLogin = "prohibit-password";
|
PermitRootLogin = "prohibit-password";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
dnscrypt-proxy2 = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
cache = false;
|
|
||||||
ipv4_servers = true;
|
|
||||||
ipv6_servers = true;
|
|
||||||
dnscrypt_servers = true;
|
|
||||||
doh_servers = false;
|
|
||||||
odoh_servers = false;
|
|
||||||
require_dnssec = true;
|
|
||||||
require_nolog = true;
|
|
||||||
require_nofilter = true;
|
|
||||||
anonymized_dns = {
|
|
||||||
routes = [{ server_name = "*"; via = [ "sdns://gQ8yMTcuMTM4LjIyMC4yNDM" ]; }];
|
|
||||||
};
|
|
||||||
sources.public-resolvers = {
|
|
||||||
urls = [
|
|
||||||
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
|
|
||||||
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
|
|
||||||
];
|
|
||||||
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
|
|
||||||
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
systemd = {
|
systemd = {
|
||||||
timers = {
|
timers = {
|
||||||
|
@ -22,7 +22,7 @@ in
|
|||||||
nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]);
|
nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]);
|
||||||
nova-ai = novaConfig (with mods; [ ivand ai ]);
|
nova-ai = novaConfig (with mods; [ ivand ai ]);
|
||||||
install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); };
|
install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); };
|
||||||
vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx wireguard-output ]); };
|
vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx wireguard-output anonymous-dns ]); };
|
||||||
stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); };
|
stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); };
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -451,5 +451,38 @@ top@{ inputs, moduleWithSystem, ... }: {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
anonymous-dns = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
|
||||||
|
networking = {
|
||||||
|
nameservers = [ "127.0.0.1" "::1" ];
|
||||||
|
dhcpcd.extraConfig = "nohook resolv.conf";
|
||||||
|
};
|
||||||
|
services = {
|
||||||
|
dnscrypt-proxy2 = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
cache = false;
|
||||||
|
ipv4_servers = true;
|
||||||
|
ipv6_servers = true;
|
||||||
|
dnscrypt_servers = true;
|
||||||
|
doh_servers = false;
|
||||||
|
odoh_servers = false;
|
||||||
|
require_dnssec = true;
|
||||||
|
require_nolog = true;
|
||||||
|
require_nofilter = true;
|
||||||
|
anonymized_dns = {
|
||||||
|
routes = [{ server_name = "*"; via = [ "sdns://gQ8yMTcuMTM4LjIyMC4yNDM" ]; }];
|
||||||
|
};
|
||||||
|
sources.public-resolvers = {
|
||||||
|
urls = [
|
||||||
|
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
|
||||||
|
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
|
||||||
|
];
|
||||||
|
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
|
||||||
|
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user