modules.dns.earth: use smartdns

1sixth · Aug 30, 2024 · c3178df · c3178df
1 parent ecb9467
commit c3178df
Showing 1 changed file with 38 additions and 19 deletions.
diff --git a/modules/dns/earth.nix b/modules/dns/earth.nix
@@ -1,28 +1,47 @@
 { ... }:
 
 let
-  DNS = builtins.concatStringsSep " " [
-    "2606:4700:4700::1111#one.one.one.one"
-    "2606:4700:4700::1001#one.one.one.one"
-    "1.1.1.1#one.one.one.one"
-    "1.0.0.1#one.one.one.one"
-    "2001:4860:4860::8888#dns.google"
-    "2001:4860:4860::8844#dns.google"
-    "8.8.8.8#dns.google"
-    "8.8.4.4#dns.google"
+  Bootstrap = map (x: x + " -bootstrap-dns") [
+    # Cloudflare DNS
+    "2606:4700:4700::1111"
+    "2606:4700:4700::1001"
+    "1.1.1.1"
+    "1.0.0.1"
+
+    # Google DNS
+    "2001:4860:4860::8888"
+    "2001:4860:4860::8844"
+    "8.8.8.8"
+    "8.8.4.4"
+  ];
+
+  DoH = [
+    "https://cloudflare-dns.com/dns-query"
+    "https://dns.google/dns-query"
   ];
 in
 
 {
-  services.resolved = {
-    extraConfig = ''
-      DNS=${DNS}
-      FallbackDNS=
-      Domains=~.
-      LLMNR=false
-      MulticastDNS=false
-      DNSOverTLS=true
-      DNSStubListenerExtra=127.0.0.1
-    '';
+
+  environment.etc."resolv.conf".text = ''
+    nameserver 127.0.0.1
+    options edns0 trust-ad
+    search .
+  '';
+
+  services = {
+    resolved.enable = false;
+    smartdns = {
+      enable = true;
+      settings = {
+        bind = "127.0.0.1:53";
+        dualstack-ip-selection = true;
+        log-syslog = true;
+        prefetch-domain = true;
+        server = Bootstrap;
+        server-https = DoH;
+        speed-check-mode = "ping";
+      };
+    };
   };
 }