From 264239e195928d59d4eb4b060b7446a95358aeb0 Mon Sep 17 00:00:00 2001
From: schererleander
Date: Thu, 5 Feb 2026 18:13:56 +0100
Subject: feat(dns): setup dns over tls for macos via cloudflared
---
modules/services/dns.nix | 46 ++++++++++++++++++++++++++++++++++++++++------
1 file changed, 40 insertions(+), 6 deletions(-)
(limited to 'modules/services/dns.nix')
diff --git a/modules/services/dns.nix b/modules/services/dns.nix
index 1917bf0..75c8d56 100644
--- a/modules/services/dns.nix
+++ b/modules/services/dns.nix
@@ -3,14 +3,12 @@
 { lib, ... }:
 let
 servers = [
- "1.1.1.1#cloudflare-dns.com"
- "1.0.0.1#cloudflare-dns.com"
- "9.9.9.9#dns.quad9.net"
- "149.112.112.112#dns.quad9.net"
+ "194.242.2.2#dns.mullvad.net"
+ "2a07:e340::2#dns.mullvad.net"
 ];
 fallbackServers = [
- "8.8.8.8#dns.google"
- "8.8.4.4#dns.google"
+ "1.1.1.1#cloudflare-dns.com"
+ "1.0.0.1#cloudflare-dns.com"
 ];
 in
 {
@@ -31,4 +29,40 @@
 networkmanager.dns = lib.mkDefault "systemd-resolved";
 };
 };
+
+ flake.modules.darwin.dns =
+ { pkgs, lib, ... }:
+ {
+ environment.systemPackages = [ pkgs.cloudflared ];
+
+ networking = {
+ dns = [ "127.0.0.1" ];
+ knownNetworkServices = [
+ "Wi-Fi"
+ "Thunderbolt Bridge"
+ ];
+ };
+
+ launchd.daemons.cloudflared-dns = {
+ serviceConfig = {
+ Label = "com.cloudflare.cloudflared-dns";
+ ProgramArguments = [
+ "${pkgs.cloudflared}/bin/cloudflared"
+ "proxy-dns"
+ "--upstream"
+ "https://dns.mullvad.net/dns-query"
+ "--upstream"
+ "https://dns.quad9.net/dns-query"
+ "--port"
+ "53"
+ "--address"
+ "127.0.0.1"
+ ];
+ RunAtLoad = true;
+ KeepAlive = true;
+ StandardOutPath = "/var/log/cloudflared-dns.log";
+ StandardErrorPath = "/var/log/cloudflared-dns.log";
+ };
+ };
+ };
 }
-- cgit v1.3.1
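Review bot: In the first hunk the `servers` list now holds a single provider (both entries are `dns.mullvad.net`), so a Mullvad outage leaves no second encrypted upstream where the old list had Cloudflare and Quad9. The code that consumes `servers` and `fallbackServers` lies outside the hunk, but if `fallbackServers` feeds systemd-resolved's `FallbackDNS`, those entries are, as far as I know, used only when no other server is configured, not when the configured ones fail. Either keep a second provider in `servers` or record the trade-off in a comment such as `# single provider on purpose: lookups fail rather than move to another resolver`.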
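Review bot: In the `flake.modules.darwin.dns` hunk, `launchd.daemons.cloudflared-dns` sets no `UserName`, so the proxy presumably runs as root while it parses network responses, and `dns = [ "127.0.0.1" ]` makes it the only resolver for the listed services. If binding 127.0.0.1:53 works unprivileged on the targeted macOS versions, drop privileges with a dedicated account, e.g. `UserName = "<service-user>";` (placeholder name), or add a comment saying why root is required. The two `--upstream` hostnames have to be resolved by cloudflared itself; as far as I know it uses its `--bootstrap` endpoints for that, which default to Cloudflare, so a comment or an explicit `--bootstrap` entry should state which resolver is meant to see those lookups. Please also confirm that the pinned `pkgs.cloudflared` still ships `proxy-dns`, since upstream has announced the removal of that subcommand. The subject says DNS over TLS, but these upstreams are DNS-over-HTTPS URLs.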