il 2: move dnscrypt & dnsmasq to dns-stuff.nix

2017-05-22 17:28:19 +02:00 · 2017-05-22 17:28:19 +02:00 · 7545d799dd
parent fee2fa1958
commit 7545d799dd
3 changed files with 32 additions and 9 deletions
--- a/lass/2configs/baseX.nix
+++ b/lass/2configs/baseX.nix
@ -10,6 +10,7 @@ in {
    ./copyq.nix
    ./xresources.nix
    ./livestream.nix
+    ./dns-stuff.nix
    {
      hardware.pulseaudio = {
        enable = true;
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@ -63,15 +63,6 @@ with import <stockholm/lib>;
        pkgs.pythonPackages.python
      ];
    }
-    {
-      services.dnscrypt-proxy = {
-        enable = true;
-        resolverName = "cs-de";
-      };
-      networking.extraResolvconfConf = ''
-        name_servers='127.0.0.1'
-      '';
-    }
  ];

  networking.hostName = config.krebs.build.host.name;
--- a/lass/2configs/dns-stuff.nix
+++ b/lass/2configs/dns-stuff.nix
@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+with import <stockholm/lib>;
+{
+  services.dnscrypt-proxy = {
+    enable = true;
+    localAddress = "127.1.0.1";
+    resolverName = "cs-de";
+  };
+  services.dnsmasq = {
+    enable = true;
+    extraConfig = ''
+      server=127.1.0.1
+      server=/dn42/172.23.75.6
+      #no-resolv
+      cache-size=1000
+      min-cache-ttl=3600
+      bind-dynamic
+      all-servers
+      dnssec
+      trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
+      address=/blog/127.0.0.1
+      address=/blog/::1
+      rebind-domain-ok=/onion/
+      server=/.onion/127.0.0.1#9053
+      port=53
+    '';
+  };
+  networking.extraResolvconfConf = ''
+    name_servers='127.0.0.1'
+  '';
+}