modules/wireguard: use domain-specific DNS

2024-10-01 15:31:25 +02:00 · 2024-10-01 15:31:25 +02:00 · 0b8e4e2fab
parent f721a54007
commit 0b8e4e2fab
2 changed files with 5 additions and 8 deletions
--- a/modules/wireguard/ehex.nix
+++ b/modules/wireguard/ehex.nix
@ -1,5 +1,6 @@
 {
  lib,
+  pkgs,
  config,
  ...
 }: let
@ -32,10 +33,8 @@ in {
        ips = cfg.ownIPs;
        privateKeyFile = cfg.privateKeyFile;
        postSetup = ''
-          printf "nameserver 10.0.66.10\nnameserver 10.0.66.12" | resolvconf -a wg-ehex -m 0 -x
-        '';
-        postShutdown = ''
-          resolvconf -d wg-ehex -f
+          ${pkgs.systemd}/bin/resolvectl dns wg-ehex 10.0.66.10 10.0.66.12
+          ${pkgs.systemd}/bin/resolvectl domain wg-ehex ehex.cloud
        '';
        peers = [
          {
--- a/modules/wireguard/private.nix
+++ b/modules/wireguard/private.nix
@ -57,7 +57,8 @@ in {
          + (
            if cfg.useDNS
            then ''
-              printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x
+              ${pkgs.systemd}/bin/resolvectl dns wg-private 10.13.12.7 fd00:b12f:acab:1312:acab:7::
+              ${pkgs.systemd}/bin/resolvectl domain wg-private ~.
            ''
            else ""
          )
@ -76,9 +77,6 @@ in {
            ''
            else ""
          );
-        postShutdown = lib.mkIf cfg.useDNS ''
-          resolvconf -d wg-private -f
-        '';
        peers = [
          {
            # frikandel