anonymous dns module

2024-08-05 18:46:10 +02:00 · 2024-08-05 18:46:10 +02:00 · 9ee0b504b1
commit 9ee0b504b1
parent 3afeaa8934
3 changed files with 34 additions and 28 deletions
--- a/hosts/vps/mailserver/default.nix
+++ b/hosts/vps/mailserver/default.nix
@ -7,8 +7,6 @@
  };

  networking = {
-    nameservers = [ "127.0.0.1" "::1" ];
-    dhcpcd.extraConfig = "nohook resolv.conf";
    firewall = pkgs.lib.mkForce {
      enable = true;
      allowedTCPPorts = [
@ -62,31 +60,6 @@
        PermitRootLogin = "prohibit-password";
      };
    };
-    dnscrypt-proxy2 = {
-      enable = true;
-      settings = {
-        cache = false;
-        ipv4_servers = true;
-        ipv6_servers = true;
-        dnscrypt_servers = true;
-        doh_servers = false;
-        odoh_servers = false;
-        require_dnssec = true;
-        require_nolog = true;
-        require_nofilter = true;
-        anonymized_dns = {
-          routes = [{ server_name = "*"; via = [ "sdns://gQ8yMTcuMTM4LjIyMC4yNDM" ]; }];
-        };
-        sources.public-resolvers = {
-          urls = [
-            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
-            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
-          ];
-          cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
-          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
-        };
-      };
-    };
  };
  systemd = {
    timers = {
--- a/nixos/configs/default.nix
+++ b/nixos/configs/default.nix
@ -22,7 +22,7 @@ in
    nova-nonya = novaConfig (with mods; [ ivand anon cryptocurrency ]);
    nova-ai = novaConfig (with mods; [ ivand ai ]);
    install-iso = configWithModules { modules = (with mods; [ grub base shell wireless ]); };
-    vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx wireguard-output ]); };
+    vps = configWithModules { modules = (with mods; [ base shell security vps mailserver nginx wireguard-output anonymous-dns ]); };
    stara-miner = configWithModules { modules = (essential ++ [ mods.monero-miner ]); };
  };
 }
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -451,5 +451,38 @@ top@{ inputs, moduleWithSystem, ... }: {
        };
      };
    });
+    anonymous-dns = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: {
+      networking = {
+        nameservers = [ "127.0.0.1" "::1" ];
+        dhcpcd.extraConfig = "nohook resolv.conf";
+      };
+      services = {
+        dnscrypt-proxy2 = {
+          enable = true;
+          settings = {
+            cache = false;
+            ipv4_servers = true;
+            ipv6_servers = true;
+            dnscrypt_servers = true;
+            doh_servers = false;
+            odoh_servers = false;
+            require_dnssec = true;
+            require_nolog = true;
+            require_nofilter = true;
+            anonymized_dns = {
+              routes = [{ server_name = "*"; via = [ "sdns://gQ8yMTcuMTM4LjIyMC4yNDM" ]; }];
+            };
+            sources.public-resolvers = {
+              urls = [
+                "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+                "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+              ];
+              cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
+              minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+            };
+          };
+        };
+      };
+    });
  };
 }