From b4e559155ae575547f26fc9e721a5775bca619f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20Yule=20B=C3=A4dorf?= Date: Tue, 6 Feb 2024 09:44:41 +0100 Subject: [PATCH] pie/wireguard: don't use wireguard DNS --- hosts/pie/networking.nix | 1 + hosts/pie/unbound.nix | 5 +++++ modules/wireguard-client/default.nix | 4 ++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/hosts/pie/networking.nix b/hosts/pie/networking.nix index 33c8f3d..4f7d234 100644 --- a/hosts/pie/networking.nix +++ b/hosts/pie/networking.nix @@ -29,6 +29,7 @@ age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age"; pub-solar.wireguard-client = { + useDNS = false; ownIPs = [ "10.0.1.2/32" "fd00:b12f:acab:1312:acab:2::/96" diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index c8ddf1e..bf5bdbc 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix @@ -81,6 +81,11 @@ forward-addr = [ "10.0.1.7" "fd00:b12f:acab:1312:acab:7::" + + "193.110.81.0#dns0.eu" + "2a0f:fc80::#dns0.eu" + "185.253.5.0#dns0.eu" + "2a0f:fc81::#dns0.eu" ]; forward-tls-upstream = "yes"; } diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix index f89ac57..260e077 100644 --- a/modules/wireguard-client/default.nix +++ b/modules/wireguard-client/default.nix @@ -67,10 +67,10 @@ in { mtu = 1300; ips = cfg.ownIPs; privateKeyFile = cfg.wireguardPrivateKeyFile; - postSetup = '' + postSetup = lib.mkIf cfg.useDNS '' printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x ''; - postShutdown = '' + postShutdown = lib.mkIf cfg.useDNS '' resolvconf -d wg0 -f ''; peers = [