pie/wireguard: don't use wireguard DNS

This commit is contained in:
Benjamin Yule Bädorf 2024-02-06 09:44:41 +01:00
parent ee7d2cbf49
commit b4e559155a
Signed by: b12f
GPG key ID: 729956E1124F8F26
3 changed files with 8 additions and 2 deletions

View file

@ -29,6 +29,7 @@
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
pub-solar.wireguard-client = { pub-solar.wireguard-client = {
useDNS = false;
ownIPs = [ ownIPs = [
"10.0.1.2/32" "10.0.1.2/32"
"fd00:b12f:acab:1312:acab:2::/96" "fd00:b12f:acab:1312:acab:2::/96"

View file

@ -81,6 +81,11 @@
forward-addr = [ forward-addr = [
"10.0.1.7" "10.0.1.7"
"fd00:b12f:acab:1312:acab:7::" "fd00:b12f:acab:1312:acab:7::"
"193.110.81.0#dns0.eu"
"2a0f:fc80::#dns0.eu"
"185.253.5.0#dns0.eu"
"2a0f:fc81::#dns0.eu"
]; ];
forward-tls-upstream = "yes"; forward-tls-upstream = "yes";
} }

View file

@ -67,10 +67,10 @@ in {
mtu = 1300; mtu = 1300;
ips = cfg.ownIPs; ips = cfg.ownIPs;
privateKeyFile = cfg.wireguardPrivateKeyFile; privateKeyFile = cfg.wireguardPrivateKeyFile;
postSetup = '' postSetup = lib.mkIf cfg.useDNS ''
printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
''; '';
postShutdown = '' postShutdown = lib.mkIf cfg.useDNS ''
resolvconf -d wg0 -f resolvconf -d wg0 -f
''; '';
peers = [ peers = [