update wheatley with DNS over TLS and some added packages to shared for DNS and network debugging for the future

2025-09-19 17:05:10 +02:00 · 2025-09-19 17:05:10 +02:00 · f9c37df27d
commit f9c37df27d
parent ed977534e2
2 changed files with 34 additions and 0 deletions
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@ -162,6 +162,36 @@
    enable = false;
  };

+  services.stubby = {
+    enable = true;
+    settings =
+      pkgs.stubby.passthru.settingsExample
+      // {
+        upstream_recursive_servers = [
+          {
+            address_data = "192.242.2.4";
+            tls_auth_name = "base.dns.mullvad.net";
+            tls_pubkey_pinset = [
+              {
+                digest = "sha256";
+                value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+              }
+            ];
+          }
+          {
+            address_data = "2a07:e340::4";
+            tls_auth_name = "base.dns.mullvad.net";
+            tls_pubkey_pinset = [
+              {
+                digest = "sha256";
+                value = "g8bfYNSxU86c8odFPsdTvWnC2VZkxIiHLZ2a6pydEjI=";
+              }
+            ];
+          }
+        ];
+      };
+  };
+
  networking = {
    hostName = "wheatley";

--- a/nixos/shared/packages/default.nix
+++ b/nixos/shared/packages/default.nix
@ -43,6 +43,10 @@
      wget
      zsh
      tldr
+      nmap
+      knot-dns
+      libressl
+      nettools

      # System libraries
    ])