diff options
author | azahi <azat@bahawi.net> | 2024-10-28 02:41:15 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2024-10-28 02:41:15 +0300 |
commit | dfa3b61db0e5c4ab5d35af1bf06af1fb27ba659a (patch) | |
tree | 11641ba75d50b63b14086305196e26a8f5f5e700 /modules/common | |
parent | 2024-10-26 (diff) |
2024-10-28
Diffstat (limited to '')
-rw-r--r-- | modules/common/networking.nix | 12 | ||||
-rw-r--r-- | modules/common/nix.nix | 10 |
2 files changed, 17 insertions, 5 deletions
diff --git a/modules/common/networking.nix b/modules/common/networking.nix index b0dd282..f681deb 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -32,9 +32,18 @@ in "::1" = mkForce [ ]; }; + # There's no way[1] to configure DNS server priority in + # systemd-resolved. The only solution for dealing with a broken VPN + # connection is to delete /etc/systemd/resolved.conf and restart the + # systemd-resolved service. Otherwise I'll just end up with a random + # server from the list most of the time because systemd-resolved + # "conveniently" will manage server priority for me... + # + # [1]: https://askubuntu.com/questions/1116732/how-do-i-list-dns-server-order-in-systemd-resolve + # [2]: https://github.com/systemd/systemd/issues/6076 nameservers = with my.configurations.manwe.wireguard; [ - ipv4.address ipv6.address + ipv4.address ]; useDHCP = false; @@ -111,6 +120,7 @@ in services.resolved = { llmnr = "false"; dnsovertls = "opportunistic"; + dnssec = "allow-downgrade"; fallbackDns = dns.mkDoT dns.const.quad9.ecs; }; diff --git a/modules/common/nix.nix b/modules/common/nix.nix index 0ab2888..58d572f 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -72,14 +72,16 @@ in keep-going = true; - trusted-users = [ - "root" - my.username - ]; + trusted-users = [ my.username ]; substituters = [ + "https://cache.garnix.io" "https://cache.tvl.su" "https://nix-community.cachix.org" + "https://numtide.cachix.org" + ]; + trusted-substituters = [ + "https://cache.tvl.su" ]; trusted-public-keys = [ "cache.tvl.su:kjc6KOMupXc1vHVufJUoDUYeLzbwSr9abcAKdn/U1Jk=" |