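# NixOS module: dnscrypt-proxy2 on a loopback port, a NAT redirect that sends
# local IPv6 DNS queries to it, and dnsmasq serving DNS on one interface.
{ lib, ... }:

let
  # Port DNS clients talk to; matched by the redirect and opened in the
  # firewall for the dnsmasq interface.
  dnsport = 53;
  # Loopback port dnscrypt-proxy2 listens on (target of the redirect).
  proxyport = 51;
  # Interface dnsmasq is configured to serve.
  dnsInterface = "wg0";
in
{
  # Loopback-only listeners: the proxy is not reachable from the network.
  services.dnscrypt-proxy2.settings.listen_addresses = [
    "127.0.0.1:${toString proxyport}"
    "[::1]:${toString proxyport}"
  ];

  networking.firewall = {
    # Forward loopback traffic on port 53 to dnscrypt-proxy2.
    #
    # NOTE(review): only ip6tables rules for ::1 are installed here; queries
    # to 127.0.0.1:53 are not redirected by this module. dnsmasq normally
    # also listens on loopback when `interface` is set, so IPv4 loopback
    # queries may be answered by dnsmasq instead - confirm this is intended.
    #
    # NOTE(review): the flush keeps the rules from piling up on firewall
    # reloads, but it clears the whole IPv6 nat OUTPUT chain, including rules
    # added by anything else. A dedicated chain would avoid that; verify
    # nothing else on the host relies on nat OUTPUT.
    extraCommands = ''
      ip6tables --table nat --flush OUTPUT
      ${lib.concatMapStringsSep "\n" (proto: ''
        ip6tables --table nat --append OUTPUT \
          --protocol ${proto} --destination ::1 \
          --destination-port ${toString dnsport} \
          --jump REDIRECT --to-ports ${toString proxyport}
      '') [ "udp" "tcp" ]}
    '';

    # Open DNS only on the interface dnsmasq serves. The original opened the
    # port on every interface, which exposes port 53 to networks that dnsmasq
    # is not configured to answer.
    interfaces.${dnsInterface} = {
      allowedTCPPorts = [ dnsport ];
      allowedUDPPorts = [ dnsport ];
    };
  };

  services.dnsmasq = {
    enable = true;
    settings = {
      interface = dnsInterface;
    };
  };
}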