Set up DNS over TLS for adguard
This commit is contained in:
parent
24b4b45907
commit
552f606563
|
@ -62,12 +62,60 @@
|
||||||
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
|
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
|
||||||
# IPv6 DNS servers can be used here as well.
|
# IPv6 DNS servers can be used here as well.
|
||||||
networking.nameservers = [
|
networking.nameservers = [
|
||||||
"94.140.14.49"
|
"127.0.0.1"
|
||||||
"94.140.14.59"
|
"::1"
|
||||||
"2a10:50c0:0:0:0:0:ded:ff"
|
|
||||||
"2a10:50c0:0:0:0:0:dad:ff"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.stubby = {
|
||||||
|
enable = true;
|
||||||
|
settings =
|
||||||
|
pkgs.stubby.passthru.settingsExample
|
||||||
|
// {
|
||||||
|
upstream_recursive_servers = [
|
||||||
|
{
|
||||||
|
address_data = "94.140.14.49";
|
||||||
|
tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||||
|
tls_pubkey_pinset = [
|
||||||
|
{
|
||||||
|
digest = "sha256";
|
||||||
|
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address_data = "94.140.14.59";
|
||||||
|
tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||||
|
tls_pubkey_pinset = [
|
||||||
|
{
|
||||||
|
digest = "sha256";
|
||||||
|
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address_data = "2a10:50c0:0:0:0:0:ded:ff";
|
||||||
|
tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||||
|
tls_pubkey_pinset = [
|
||||||
|
{
|
||||||
|
digest = "sha256";
|
||||||
|
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
address_data = "2a10:50c0:0:0:0:0:dad:ff";
|
||||||
|
tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||||
|
tls_pubkey_pinset = [
|
||||||
|
{
|
||||||
|
digest = "sha256";
|
||||||
|
value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# require public key authentication for better security
|
# require public key authentication for better security
|
||||||
|
|
Loading…
Reference in a new issue