diff options
Diffstat (limited to '')
| -rw-r--r-- | modules/common/networking.nix | 3 | ||||
| -rw-r--r-- | modules/unbound.nix | 15 | ||||
| -rw-r--r-- | modules/wireguard.nix | 27 |
3 files changed, 25 insertions, 20 deletions
diff --git a/modules/common/networking.nix b/modules/common/networking.nix index 1f0f97a..b0dd282 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -111,8 +111,7 @@ in services.resolved = { llmnr = "false"; dnsovertls = "opportunistic"; - fallbackDns = dns.const.quad9.default; - domains = [ my.domain.shire ]; + fallbackDns = dns.mkDoT dns.const.quad9.ecs; }; environment = { diff --git a/modules/unbound.nix b/modules/unbound.nix index dae47f8..e837f89 100644 --- a/modules/unbound.nix +++ b/modules/unbound.nix @@ -135,20 +135,7 @@ in { name = "."; forward-tls-upstream = true; - forward-addr = - let - mkDnsOverTls = - ips: auth: - map ( - ip: - concatStrings [ - ip - "@" - auth - ] - ) ips; - in - mkDnsOverTls dns.const.quad9.default "853#dns.quad9.net"; + forward-addr = dns.mkDoT dns.const.quad9.ecs; } ]; diff --git a/modules/wireguard.nix b/modules/wireguard.nix index fe01a86..f32e5ba 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -148,9 +148,15 @@ in "${ipv6.address}/16" ]; extraInterfaceConfig = mkIf this.isHeadful '' - Jc = 4 - Jmin = 40 - Jmax = 70 + jc = 228 + jmin = 42 + jmax = 420 + s1 = 69 + s2 = 96 + h1 = 1134610890 + h2 = 2137373420 + h3 = 625719520 + h4 = 2106927320 ''; }) (with cfg.server; { @@ -218,7 +224,20 @@ in ]; listenPort = port; inherit peers; - postSetup = DNSSetup; + postSetup = + DNSSetup + + '' + awg set ${cfg.interface} \ + jc 228 \ + jmin 42 \ + jmax 420 \ + s1 69 \ + s2 96 \ + h1 1134610890 \ + h2 2137373420 \ + h3 625719520 \ + h4 2106927320 + ''; allowedIPsAsRoutes = false; }; }; |