pie/wireguard: don't use wireguard DNS

2024-02-06 09:44:41 +01:00 · 2024-02-06 09:44:41 +01:00 · b4e559155a
parent ee7d2cbf49
commit b4e559155a
3 changed files with 8 additions and 2 deletions
--- a/hosts/pie/networking.nix
+++ b/hosts/pie/networking.nix
@ -29,6 +29,7 @@
  age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-pie.age";

  pub-solar.wireguard-client = {
+    useDNS = false;
    ownIPs = [
      "10.0.1.2/32"
      "fd00:b12f:acab:1312:acab:2::/96"
--- a/hosts/pie/unbound.nix
+++ b/hosts/pie/unbound.nix
@ -81,6 +81,11 @@
          forward-addr = [
            "10.0.1.7"
            "fd00:b12f:acab:1312:acab:7::"
+
+            "193.110.81.0#dns0.eu"
+            "2a0f:fc80::#dns0.eu"
+            "185.253.5.0#dns0.eu"
+            "2a0f:fc81::#dns0.eu"
          ];
          forward-tls-upstream = "yes";
        }
--- a/modules/wireguard-client/default.nix
+++ b/modules/wireguard-client/default.nix
@ -67,10 +67,10 @@ in {
        mtu = 1300;
        ips = cfg.ownIPs;
        privateKeyFile = cfg.wireguardPrivateKeyFile;
-        postSetup = ''
+        postSetup = lib.mkIf cfg.useDNS ''
          printf "nameserver 10.0.1.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg0 -m 0 -x
        '';
-        postShutdown = ''
+        postShutdown = lib.mkIf cfg.useDNS ''
          resolvconf -d wg0 -f
        '';
        peers = [