pie/wireguard: don't use wireguard DNS

Benjamin Yule Bädorf 2024-02-06 09:44:41 +01:00
parent ee7d2cbf49
commit b4e559155a
Signed by: b12f
GPG key ID: 729956E1124F8F26
3 changed files with 8 additions and 2 deletions


@ -29,6 +29,7 @@
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";
pub-solar.wireguard-client = {
useDNS = false;
ownIPs = [
"10.0.1.2/32"
"fd00:b12f:acab:1312:acab:2::/96"


@ -81,6 +81,11 @@
forward-addr = [
"10.0.1.7"
"fd00:b12f:acab:1312:acab:7::"
"193.110.81.0#dns0.eu"
"2a0f:fc80::#dns0.eu"
"185.253.5.0#dns0.eu"
"2a0f:fc81::#dns0.eu"
];
forward-tls-upstream = "yes";
}
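Review bot: `forward-tls-upstream = "yes"` applies to every entry in this `forward-addr` list, including the internal forwarders `10.0.1.7` and `fd00:b12f:acab:1312:acab:7::`, which carry no `#name` suffix (the page has lost its +/- markers, so which of these lines are new is inferred from the hunk counts). Unbound would contact those two over TLS on port 853 with no name to check the certificate against, so lookups either fail if the internal resolver only speaks plain DNS, or run encrypted but unauthenticated. Keeping internal and public forwarders in one zone also means names intended for the internal resolver can be sent to dns0.eu. Consider splitting this into an internal forward-zone without TLS and a public one with it; the zone's `name` line is outside the visible lines. Also confirm that `tls-system-cert` or `tls-cert-bundle` is set in the `server` section, which is not in this hunk, because without a trust store the `#dns0.eu` name is not verified.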


@ -67,10 +67,10 @@ in {
mtu = 1300;
ips = cfg.ownIPs;
privateKeyFile = cfg.wireguardPrivateKeyFile;
postSetup = ''
postSetup = lib.mkIf cfg.useDNS ''
printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
'';
postShutdown = ''
postShutdown = lib.mkIf cfg.useDNS ''
resolvconf -d wg0 -f
'';
peers = [
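Review bot: Gating `postSetup` and `postShutdown` on `cfg.useDNS` switches off the only place where the tunnel resolvers are registered as exclusive (`resolvconf -a wg0 -m 0 -x`), and nothing in the visible lines documents what a host resolves through instead. With `useDNS = false`, lookups go to whatever resolver the host already has configured, which may be reached outside the tunnel, so the option's description should state that. The declaration of `useDNS` is not in this hunk; confirm it is a boolean with `default = true` so clients that do not set it keep tunnel DNS. A comment above the `printf` line such as `# -m 0 -x: make the tunnel resolvers exclusive so no lookup bypasses wg0` would record why the flags are there.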