
tailscale/adguard: use agh as ts dns

Daniel Kempkens 2024-05-25 15:47:17 +02:00
parent 40426ab5f8
commit c265b5d649
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
11 changed files with 52 additions and 3 deletions


@ -11,7 +11,7 @@ project() {
# Languages # Languages
project_erlang() { project_erlang() {
export ERL_AFLAGS="-kernel shell_history enabled" export ERL_AFLAGS="-kernel shell_history enabled -kernel shell_history_path '\"$(direnv_layout_dir)/erl_history\"'"
export REBAR_CACHE_DIR=$(direnv_layout_dir)/rebar export REBAR_CACHE_DIR=$(direnv_layout_dir)/rebar
export REBAR_GLOBAL_CONFIG_DIR=$(direnv_layout_dir)/rebar/config export REBAR_GLOBAL_CONFIG_DIR=$(direnv_layout_dir)/rebar/config


@ -32,7 +32,7 @@ in
# ../nixos/telegraf.nix # ../nixos/telegraf.nix
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/tailscale-argon.nix ../nixos/tailscale-nodns.nix
../nixos/unbound.nix ../nixos/unbound.nix


@ -26,6 +26,7 @@ in
../nixos/ddg.nix ../nixos/ddg.nix
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/tailscale-nodns.nix
../nixos/unbound.nix ../nixos/unbound.nix


@ -55,6 +55,7 @@ in
../nixos/matrix ../nixos/matrix
../nixos/tailscale.nix ../nixos/tailscale.nix
../nixos/tailscale-nodns.nix
../nixos/websites-tanker.nix ../nixos/websites-tanker.nix


@ -27,6 +27,30 @@
allow_unencrypted_doh = true; allow_unencrypted_doh = true;
strict_sni_check = true; strict_sni_check = true;
}; };
dns = {
# Based on: https://pkg.go.dev/github.com/Potterli20/golibs-fork/netutil#IsLocallyServed
private_networks = [
"10.0.0.0/8"
"127.0.0.0/8"
"169.254.0.0/16"
"172.16.0.0/12"
"192.0.2.0/24"
"192.168.0.0/16"
"198.51.100.0/24"
"203.0.113.0/24"
"255.255.255.255/32"
"::/128"
"::1/128"
"2001:db8::/32"
"fd00::/8"
"fe80::/10"
"100.64.10.0/24"
"fd7a:115c:a1e0:1010::/64"
];
};
}; };
# settings = { # settings = {
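Review bot: The new `private_networks` list mixes a hand-copied default set with two tailnet ranges (`100.64.10.0/24`, `fd7a:115c:a1e0:1010::/64`), and nothing marks which entries are local additions, so a later re-sync against upstream can drop or keep the wrong ones. The `# Based on:` comment links to a third-party fork's package docs rather than the canonical AdGuard library; if the fork is not deliberate, point the link at the upstream package so the reference matches what AdGuard Home actually ships. This setting presumably decides which clients and addresses AdGuard Home treats as local for reverse lookups, so a comment such as `# tailnet ranges: peers count as local clients and may resolve private PTR records` above the last two entries would record that trust decision. The enclosing settings attrset starts outside the hunk.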


@ -28,7 +28,7 @@ in
acl_policy_path = config.age.secrets.headscale-acls.path; acl_policy_path = config.age.secrets.headscale-acls.path;
dns_config = { dns_config = {
override_local_dns = false; override_local_dns = true;
nameservers = [ nameservers = [
"100.64.10.1" "100.64.10.1"
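Review bot: Flipping `override_local_dns` to `true` makes the resolver at `100.64.10.1` the DNS path for every node that accepts tailnet DNS, and the hunk shows no fallback, so an outage or compromise of that one host affects name resolution across the tailnet. The `nameservers` list continues past the end of the hunk, so a second entry may exist; if it does not, consider adding one or documenting the dependency with a comment like `# all tailnet DNS goes through AdGuard Home on 100.64.10.1; nodes importing tailscale-nodns.nix opt out`. That the nodns module opts nodes out is inferred from its name only and should be confirmed.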


@ -13,6 +13,7 @@ in
extraUpFlags = [ extraUpFlags = [
"--login-server" "--login-server"
headscale headscale
"--stateful-filtering"
]; ];
}; };
} }
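Review bot: `--stateful-filtering` is added to `extraUpFlags`, which only takes effect when `tailscale up` is actually executed. Depending on the NixOS module version, the auto-connect unit may skip `tailscale up` on nodes that are already logged in, in which case existing machines keep their old preference while the config reads as if the hardening were on. Confirm on an enrolled node that the preference is set, and if it is not, apply it once with `tailscale set --stateful-filtering` or through a set-flags option if the module offers one. A short comment saying why the flag is wanted would also help the next reader; the enclosing attrset starts outside the hunk.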


@ -24,15 +24,37 @@
num-threads = 1; num-threads = 1;
so-rcvbuf = "1m"; so-rcvbuf = "1m";
unblock-lan-zones = true;
insecure-lan-zones = true;
private-address = [ private-address = [
"192.168.0.0/16" "192.168.0.0/16"
"169.254.0.0/16" "169.254.0.0/16"
"172.16.0.0/12" "172.16.0.0/12"
"10.0.0.0/8" "10.0.0.0/8"
"100.64.10.0/24"
"fd00::/8" "fd00::/8"
"fe80::/10" "fe80::/10"
"fd7a:115c:a1e0:1010::/64"
];
};
forward-zone = [
{
name = "10.64.100.in-addr.arpa.";
forward-addr = "100.100.100.100";
}
{
name = "0.1.0.1.0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa.";
forward-addr = "100.100.100.100";
}
{
name = "in-addr.arpa.";
forward-addr = "10.0.0.1";
}
]; ];
}; };
}; };
};
} }
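Review bot: The third forward zone is named `in-addr.arpa.`, which matches every IPv4 reverse lookup that the more specific zones do not, so PTR queries for public addresses are also sent to `10.0.0.1` instead of being resolved normally. If the intent is only LAN reverse DNS, scope it to the ranges that resolver is authoritative for, for example `name = "10.in-addr.arpa.";` (plus further zones for other private ranges if needed). `insecure-lan-zones = true` turns off DNSSEC validation for the private reverse zones and the forwards use plain DNS, so answers for those zones are trusted on the word of `10.0.0.1` and `100.100.100.100`; a comment above `forward-zone` saying so would make that trust explicit.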