host/tatos: add forwarding traffic to dnscrypt-proxy2
This commit is contained in:
parent
c14dae659d
commit
e0ded86454
2 changed files with 29 additions and 15 deletions
28
hosts/tatos/services/dns.nix
Normal file
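--- /dev/null
+++ b/hosts/tatos/services/dns.nix
@@ -0,0 +1,28 @@
+{ lib, ... }:
+
+let dnsport = 53; in
+{
+  services.dnscrypt-proxy2.settings.listen_addresses = [ "[::1]:51" ];
+
+  # Forward loopback traffic on port 53 to dnscrypt-proxy2.
+  networking.firewall.extraCommands = ''
+    ip6tables --table nat --flush OUTPUT
+    ${lib.flip (lib.concatMapStringsSep "\n") [ "udp" "tcp" ] (proto: ''
+      ip6tables --table nat --append OUTPUT \
+        --protocol ${proto} --destination ::1 --destination-port 53 \
+        --jump REDIRECT --to-ports 51
+    '')}
+  '';
+
+  networking.firewall = {
+    allowedTCPPorts = [ dnsport ];
+    allowedUDPPorts = [ dnsport ];
+  };
+
+  services.dnsmasq = {
+    enable = true;
+    settings = {
+      interface = "wg0";
+    };
+  };
+};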
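Review bot: `ip6tables --table nat --flush OUTPUT` wipes every rule in the nat OUTPUT chain, not only the two this file appends, so anything else that places rules there (NixOS's nat module, as far as I recall, adds its own OUTPUT jump through extraCommands when IPv6 NAT is enabled) is lost on each firewall reload; keeping the redirect rules in a dedicated chain that is recreated idempotently avoids that while still preventing duplicate rules. The rule only matches `--destination ::1`, while the comment promises "loopback traffic on port 53": IPv4 queries to 127.0.0.1:53 bypass dnscrypt-proxy2 unless an equivalent iptables rule exists elsewhere, so either add that rule or narrow the comment to `# Forward IPv6 loopback traffic on port 53 to dnscrypt-proxy2.`. The ports are duplicated as literals (`53` in the rule although `dnsport` is already defined, `51` in both listen_addresses and `--to-ports`); a second binding such as `dnscryptPort = 51;` with `listen_addresses = [ "[::1]:${toString dnscryptPort}" ]` keeps listener and redirect target in sync. `allowedTCPPorts`/`allowedUDPPorts = [ dnsport ]` opens 53 on every interface although dnsmasq is configured for `wg0` only; `networking.firewall.interfaces.wg0.allowedUDPPorts = [ dnsport ];` (and the TCP counterpart) limits the exposure to the tunnel. The last line renders as `};`; if that is not a page artifact, the top-level attrset carries a stray semicolon and the module will not evaluate.
```nix
let dnsport = 53; dnscryptPort = 51; in
# … unchanged: listen_addresses …
  networking.firewall.extraCommands = ''
    # Private chain: idempotent on reload without touching the built-in nat OUTPUT chain.
    ip6tables --table nat --new-chain dnscrypt-redirect 2>/dev/null || true
    ip6tables --table nat --flush dnscrypt-redirect
    ip6tables --table nat --delete OUTPUT --jump dnscrypt-redirect 2>/dev/null || true
    ip6tables --table nat --append OUTPUT --jump dnscrypt-redirect
    ${lib.flip (lib.concatMapStringsSep "\n") [ "udp" "tcp" ] (proto: ''
      ip6tables --table nat --append dnscrypt-redirect \
        --protocol ${proto} --destination ::1 --destination-port ${toString dnsport} \
        --jump REDIRECT --to-ports ${toString dnscryptPort}
    '')}
  '';
# … unchanged: firewall ports, dnsmasq …
```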
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
# Source: https://habr.com/ru/companies/xakep/articles/699000/
|
||||
|
||||
|
@ -9,8 +9,6 @@ let
|
|||
port = tatosData.wireguard.port;
|
||||
|
||||
update_ru_routes = pkgs.callPackage ./update_ru_routes.nix { };
|
||||
|
||||
dnsport = 53;
|
||||
in
|
||||
{
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
@ -23,18 +21,6 @@ in
|
|||
internalInterfaces = [ "wg0" ];
|
||||
};
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ dnsport ];
|
||||
allowedUDPPorts = [ dnsport port ];
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interface = "wg0";
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ update_ru_routes ];
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
|
|