oluceps committed Oct 10, 2024
1 parent 43d4045 commit e9228d0
Showing 4 changed files with 60 additions and 26 deletions.
1 change: 0 additions & 1 deletion hosts/kaambl/caddy.nix
Expand Up @@ -15,7 +15,6 @@
servers = {
srv0 = {
routes = [

];
tls_connection_policies = [
{
1 change: 1 addition & 0 deletions hosts/kaambl/network.nix
Expand Up @@ -21,6 +21,7 @@
hosts = {
"127.0.0.1" = [
"kaambl.nyaw.xyz"
"dns.nyaw.xyz"
];
"10.0.1.1" = [ "nodens.nyaw.xyz" ];
"10.0.2.1" = [ "azasos.nyaw.xyz" ];
15 changes: 14 additions & 1 deletion hosts/kaambl/spec.nix
Expand Up @@ -64,7 +64,20 @@
phantomsocks.enable = true;
garage.enable = true;
dae.enable = true;
dnsproxy.enable = true;
dnsproxy = {
enable = true;
loadCert = true;
extraFlags = [
"--edns-addr=211.140.13.188"
"-l"
"127.0.0.1"
"--quic-port=853"
"--https-port=843"
"--http3"
"--tls-crt=/run/credentials/dnsproxy.service/nyaw.cert"
"--tls-key=/run/credentials/dnsproxy.service/nyaw.key"
];
};
earlyoom.enable = true;
arti.enable = true;
};
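Review bot: `"-l" "127.0.0.1"` is appended to a module that still sets `listen-addrs = [ "0.0.0.0" ]` in `settings` (repack/dnsproxy.nix), so whether the new QUIC listener on 853 and HTTPS listener on 843 end up loopback-only depends on how dnsproxy combines the flag with its config file, which this page does not show. If loopback-only is the intent, the bind address is better exposed as a module option that the host replaces rather than adds to, and the effective sockets should be checked after deployment. `--edns-addr=211.140.13.188` also deserves a comment such as `# fixed EDNS client address sent to upstreams`, since that address is attached to queries forwarded to every upstream in the list.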
69 changes: 45 additions & 24 deletions repack/dnsproxy.nix
@@ -1,27 +1,48 @@
{ reIf, ... }:
reIf {
services.dnsproxy = {
enable = true;
flags = [
"--cache"
"--cache-optimistic"
"--edns"
"--http3"
];
settings = {
bootstrap = [
"119.29.29.29"
"tcp://223.6.6.6:53"
];
listen-addrs = [ "0.0.0.0" ];
listen-ports = [ 53 ];
upstream-mode = "parallel";
upstream = [
"quic://dns.alidns.com"
"1.1.1.1"
"h3://dns.alidns.com/dns-query"
"tls://dot.pub"
];
{ lib, config, ... }:
let
cfg = config.repack.dnsproxy;
in
{
options = {
repack.dnsproxy = {
extraFlags = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
};
loadCert = lib.mkEnableOption { };
};
};
config = lib.mkIf cfg.enable {
systemd.services.dnsproxy.serviceConfig.LoadCredential = lib.mkIf cfg.loadCert (
(map (lib.genCredPath config)) [
"nyaw.cert"
"nyaw.key"
]
);
services.dnsproxy = {
enable = true;
flags = [
"--cache"
"--cache-optimistic"
"--edns"
] ++ cfg.extraFlags;
settings = {
bootstrap = [
"8.8.8.8"
"119.29.29.29"
"tcp://223.6.6.6:53"
];
listen-addrs = [ "0.0.0.0" ];
listen-ports = [ 53 ];
upstream-mode = "parallel";
upstream = [
"quic://dns.alidns.com"
"sdns://AgcAAAAAAAAABzEuMC4wLjGgENk8mGSlIfMGXMOlIlCcKvq7AVgcrZxtjon911-ep0cg63Ul-I8NlFj4GplQGb_TTLiczclX57DvMV8Q-JdjgRgSZG5zLmNsb3VkZmxhcmUuY29tCi9kbnMtcXVlcnk"
"h3://dns.alidns.com/dns-query"
"tls://dot.pub"
];
};
};

};
}
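Review bot: `loadCert = lib.mkEnableOption { };` passes an attribute set where `mkEnableOption` expects the name string it interpolates into the option description, so the option evaluates until something reads that description (an options-doc build, for example); write `loadCert = lib.mkEnableOption "loading nyaw.cert and nyaw.key as systemd credentials";` instead. `config` is gated on `cfg.enable`, yet the options block shown here declares only `extraFlags` and `loadCert`; unless the surrounding repack loader declares `enable`, add `enable = lib.mkEnableOption "dnsproxy";`. The `sdns://` upstream that replaces `1.1.1.1` is opaque to a reader; its trailing bytes appear to decode to `dns.cloudflare.com/dns-query`, and a comment saying so (and noting whether the stamp pins certificate hashes) would let the upstream list be audited later.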
