repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

harden dns

Browse Source
This commit is contained in:
Joakim Repomaa
2026-05-29 19:16:57 +03:00
parent e586c318c0
commit 28c69bce7f
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hosts/freun-dev/configuration.nix
View File

@@ -106,6 +106,12 @@ in
};
};
services.resolved = {
enable = true;
dnsovertls = "opportunistic";
dnssec = "allow-downgrade";
};
services.networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {

13
modules/services/adguardhome.nix
View File

@@ -46,7 +46,18 @@ in
certificate_chain_path = "/run/credentials/adguardhome.service/fullchain.pem";
private_key_path = "/run/credentials/adguardhome.service/key.pem";
};
dns.bind_hosts = tailscaleIps;
dns = {
bind_hosts = tailscaleIps;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://cloudflare-dns.com/dns-query"
"https://dns.google/dns-query"
];
fallback_dns = [
"https://cloudflare-dns.com/dns-query"
"https://dns.google/dns-query"
];
};
};
};