Set up DNS over TLS for adguard
This commit is contained in:
		
							parent
							
								
									24b4b45907
								
							
						
					
					
						commit
						552f606563
					
				
					 1 changed files with 52 additions and 4 deletions
				
			
		|  | @ -62,12 +62,60 @@ | |||
|   # Configure DNS servers manually (this example uses Cloudflare and Google DNS) | ||||
|   # IPv6 DNS servers can be used here as well. | ||||
|   networking.nameservers = [ | ||||
|     "94.140.14.49" | ||||
|     "94.140.14.59" | ||||
|     "2a10:50c0:0:0:0:0:ded:ff" | ||||
|     "2a10:50c0:0:0:0:0:dad:ff" | ||||
|     "127.0.0.1" | ||||
|     "::1" | ||||
|   ]; | ||||
| 
 | ||||
|   services.stubby = { | ||||
|     enable = true; | ||||
|     settings = | ||||
|       pkgs.stubby.passthru.settingsExample | ||||
|       // { | ||||
|         upstream_recursive_servers = [ | ||||
|           { | ||||
|             address_data = "94.140.14.49"; | ||||
|             tls_auth_name = "4b921896.d.adguard-dns.com"; | ||||
|             tls_pubkey_pinset = [ | ||||
|               { | ||||
|                 digest = "sha256"; | ||||
|                 value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; | ||||
|               } | ||||
|             ]; | ||||
|           } | ||||
|           { | ||||
|             address_data = "94.140.14.59"; | ||||
|             tls_auth_name = "4b921896.d.adguard-dns.com"; | ||||
|             tls_pubkey_pinset = [ | ||||
|               { | ||||
|                 digest = "sha256"; | ||||
|                 value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; | ||||
|               } | ||||
|             ]; | ||||
|           } | ||||
|           { | ||||
|             address_data = "2a10:50c0:0:0:0:0:ded:ff"; | ||||
|             tls_auth_name = "4b921896.d.adguard-dns.com"; | ||||
|             tls_pubkey_pinset = [ | ||||
|               { | ||||
|                 digest = "sha256"; | ||||
|                 value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; | ||||
|               } | ||||
|             ]; | ||||
|           } | ||||
|           { | ||||
|             address_data = "2a10:50c0:0:0:0:0:dad:ff"; | ||||
|             tls_auth_name = "4b921896.d.adguard-dns.com"; | ||||
|             tls_pubkey_pinset = [ | ||||
|               { | ||||
|                 digest = "sha256"; | ||||
|                 value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U="; | ||||
|               } | ||||
|             ]; | ||||
|           } | ||||
|         ]; | ||||
|       }; | ||||
|   }; | ||||
| 
 | ||||
|   services.openssh = { | ||||
|     enable = true; | ||||
|     # require public key authentication for better security | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue