pie/wireguard: don't use wireguard DNS
This commit is contained in:
parent
ee7d2cbf49
commit
b4e559155a
|
@ -29,6 +29,7 @@
|
||||||
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
|
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
|
||||||
|
|
||||||
pub-solar.wireguard-client = {
|
pub-solar.wireguard-client = {
|
||||||
|
useDNS = false;
|
||||||
ownIPs = [
|
ownIPs = [
|
||||||
"10.0.1.2/32"
|
"10.0.1.2/32"
|
||||||
"fd00:b12f:acab:1312:acab:2::/96"
|
"fd00:b12f:acab:1312:acab:2::/96"
|
||||||
|
|
|
@ -81,6 +81,11 @@
|
||||||
forward-addr = [
|
forward-addr = [
|
||||||
"10.0.1.7"
|
"10.0.1.7"
|
||||||
"fd00:b12f:acab:1312:acab:7::"
|
"fd00:b12f:acab:1312:acab:7::"
|
||||||
|
|
||||||
|
"193.110.81.0#dns0.eu"
|
||||||
|
"2a0f:fc80::#dns0.eu"
|
||||||
|
"185.253.5.0#dns0.eu"
|
||||||
|
"2a0f:fc81::#dns0.eu"
|
||||||
];
|
];
|
||||||
forward-tls-upstream = "yes";
|
forward-tls-upstream = "yes";
|
||||||
}
|
}
|
||||||
|
|
|
@ -67,10 +67,10 @@ in {
|
||||||
mtu = 1300;
|
mtu = 1300;
|
||||||
ips = cfg.ownIPs;
|
ips = cfg.ownIPs;
|
||||||
privateKeyFile = cfg.wireguardPrivateKeyFile;
|
privateKeyFile = cfg.wireguardPrivateKeyFile;
|
||||||
postSetup = ''
|
postSetup = lib.mkIf cfg.useDNS ''
|
||||||
printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
|
printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
|
||||||
'';
|
'';
|
||||||
postShutdown = ''
|
postShutdown = lib.mkIf cfg.useDNS ''
|
||||||
resolvconf -d wg0 -f
|
resolvconf -d wg0 -f
|
||||||
'';
|
'';
|
||||||
peers = [
|
peers = [
|
||||||
|
|
Loading…
Reference in a new issue