lander/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: prevent dns leaks

Browse source 
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
This commit is contained in:
Lander Van den Bulcke 2025-09-21 11:44:19 +02:00
parent 6340657086
commit 87f425b1c6
Signed by: lander
GPG key ID: 0142722B4B0C536F
2 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/servers/hosting-02.nix
View file

@ -23,6 +23,7 @@
publicKey = "KkShcqgwbkX2A9n1hhST6qu+m3ldxdJ2Lx8Eiw6mdXw="; publicKey = "KkShcqgwbkX2A9n1hhST6qu+m3ldxdJ2Lx8Eiw6mdXw=";
endpoint = "146.70.117.226:51820"; endpoint = "146.70.117.226:51820";
privateKeyFile = config.sops.secrets.wireguardKey.path; privateKeyFile = config.sops.secrets.wireguardKey.path;
dns = "10.64.0.1";
}; };
services.storagebox = { services.storagebox = {

10
modules/nixos/namespaced-vpn.nix
View file

@ -47,6 +47,11 @@ in
type = types.str; type = types.str;
default = "10.10.10.2/30"; default = "10.10.10.2/30";
}; };
dns = mkOption {
type = types.str;
default = "9.9.9.9";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -138,5 +143,10 @@ in
}; };
}; };
environment.etc."netns/${cfg.namespace}/resolv.conf" = {
text = ''
nameserver ${cfg.dns}
'';
};
}; };
} }