replace dnscrypt-wrapper with dnsdist

Michele Guerini Rocco 2024-07-04 11:21:51 +02:00
parent 7c77904a34
commit bad0deb8e5
Signed by: rnhmjoj
GPG Key ID: BFBAF4C975F76450
3 changed files with 96 additions and 82 deletions


@ -44,6 +44,7 @@
hostName = "maxwell"; hostName = "maxwell";
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
53 # dns
443 80 # reverse proxy 443 80 # reverse proxy
993 # imaps server 993 # imaps server
25 465 # smtp(s) server 25 465 # smtp(s) server
@ -54,7 +55,7 @@
]; ];
firewall.allowedUDPPorts = [ firewall.allowedUDPPorts = [
443 # dnscrypt 443 # dnscrypt
53 # powerdns 53 # dns
21027 # syncthing discovery 21027 # syncthing discovery
64738 # mumble server 64738 # mumble server
]; ];


@ -1,10 +1,10 @@
{ config, lib, ... }: { config, lib, ... }:
# Setup: # Setup:
# PDNS recursor on port 53 # pdns-recursor on localhost:55
# DNSCrypt wrapper on port 5353 # dnsdist on port 53 (DNS) and localhost:54 (DNSCrypt)
# NCDNS for Namecoin bit. zone resolution # sslh handling both HTTP and DNS on port 443
# sslh handling both HTTP and DSN on 443 # ncdns for Namecoin bit. zone resolution
{ {
# Recursive DNS resolver # Recursive DNS resolver
@ -12,17 +12,30 @@
{ enable = true; { enable = true;
# Configures the bit. zone # Configures the bit. zone
resolveNamecoin = true; resolveNamecoin = true;
# Use both IPv4 and IPv6 dns.port = 55;
dns.allowFrom = [ "0.0.0.0/0" "::0/0" ];
settings.local-address = [ "0.0.0.0" "::" ];
}; };
# Wrap the local recursive resolver in DNSCrypt # Public DNS resolver
services.dnscrypt-wrapper = services.dnsdist =
{ enable = true; { enable = true;
address = "[::]"; extraConfig = ''
providerKey.public = config.secrets.dnscrypt.pub; -- Listen on IPv6 and IPv4
providerKey.secret = config.secrets.dnscrypt.sec; setLocal("[::]:53"); addLocal("0.0.0.0:53")
-- Allow everything
setACL({"0.0.0.0/0", "::/0"})
-- Set upstream resolver
newServer({address="[::1]:55", name="pdns"})
'';
};
# DNSCrypt endpoint
services.dnsdist.dnscrypt =
{ enable = true;
listenAddress = "[::1]";
listenPort = 54;
providerKey = config.secrets.dnscrypt.sec;
}; };
# Demultiplex HTTP and DNS from port 443 # Demultiplex HTTP and DNS from port 443
@ -38,8 +51,8 @@
[ # Send TLS to nginx (TCP) [ # Send TLS to nginx (TCP)
{ name = "tls"; host = "localhost"; port= "443"; } { name = "tls"; host = "localhost"; port= "443"; }
# Send DNSCrypt to dnscrypt-wrapper (TCP or UDP) # Send DNSCrypt to dnscrypt-wrapper (TCP or UDP)
{ name = "anyprot"; host = "localhost"; port = "5353"; } { name = "anyprot"; host = "localhost"; port = "54"; }
{ name = "anyprot"; host = "localhost"; port = "5353"; { name = "anyprot"; host = "localhost"; port = "54";
is_udp = true; udp_timeout = 100; } is_udp = true; udp_timeout = 100; }
]; ];
}; };
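Review bot: The dnsdist `extraConfig` accepts queries from every source (`setACL({"0.0.0.0/0", "::/0"})` on `[::]:53` and `0.0.0.0:53`) with no per-client rate limit, so the public UDP 53 listener can be abused as a reflector for spoofed-source traffic. If the open ACL is intended, pair it with a limit in the same block, for example `addAction(MaxQPSIPRule(<qps>), DropAction())` with a value sized for legitimate clients. The DNSCrypt listener binds `[::1]` only while the sslh entries forward to `localhost`; this presumably works only when `localhost` resolves to the IPv6 loopback, so using `::1` in both places would remove the ambiguity. The unchanged comment in the sslh hunk still reads `# Send DNSCrypt to dnscrypt-wrapper (TCP or UDP)` and should name dnsdist.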


@ -1,66 +1,66 @@
U2FsdGVkX1/ZJj5EU5b+BSTf5NlPUY/G67cJHbDVBovQKquVFMf1P+ZAcmIV62qA U2FsdGVkX19XCACEufEt5M4bXKrEZbc3uwl9/RfxrTWPGRc+9wq/lObPINAaiVJ5
HbyNN08YRY65vgRzWtU6wRg3q7ifWN82keCjX29Z7S2vYXCzi40UHPmRBBRawVY2 6RC1WdLmXBnubDqxvvf4Oont7clL3Uf2YlJTvKQ1ybnPOLDG49PXQDS45vjktTf3
9pjng2Zo53csln9O+MZAPeVV1E85WI3iLvfX+dhvyDzwzFQ3BxdL824MxctLTJPt Edl/a9vHj43WbZB/ZRFwcQmPXlGkF/H4wl1Ab44nvTXmIna53kkK6qjpj8gk9BrJ
Ja/GVm0CYcPZTJTzPXJEBUwZxu/oc2HHv9OR9a5I8gqyZOwAiIXQ8rTSU2zPzulp qDzyGjtdpZ2IQi1niPZFuTHb/ZYEK/7KVDABo13HL0A02C/tQE8g+oT00BJUKyl2
xoKL9RgtYonW1UT/XZHOsDEk9Xdd1EcbY1chumYUErtKTouRimWrjnTePsYcQy6f 4P94Q9lVfqAjMzjIV/yp8QjDh6kQsM6I0Nc0Gyqjjhf8ppdYkeYtqiboaoaxksEU
griuXE4Lb8xFu6oxsY7Kziwo5B2r5to8dLB0soOWCSImRBy11ntqxezOY6+43YIa LIwyyFV+aqlFGAVdYv8d5TaAoJ+B7+Szw284uGkKOBb78GV4SBBIpe7GlOBcX4+v
FUtSTdzBq171tQ5opAIuiCLAos/94rKiktxAEbTMScsJbubvPex1qGTGG1Cvj5hZ hI2F0HXTcaBg5lO6Z9SS79GeJcbKliu2mAp7hrdSs+gBjPoClxFGgVY7lac3uVW3
mA54Elpsjup7rdSkcYVTXojoDA/VR2HP90coBpYD6qRj8IdPfvs7fQu46BQSGKN6 03HptqLB5Dtu98vG/iazEdyxGERYL0HF9pGpCGNCnSmWoR7LOGdNvcI0h5nHYOeB
3VVgmHiMhfraefaL5ldqr/M8FS6vyXSJV9KR7TQ6ha3RgPSYB3EjsC0LRrENuYRO 4ml+UCak7j8mLMU8ldnvrEIZTfLImnMothXc+oW33sNV3AfnlOGpM8bztHmAbB7U
eO6KXxmYj3iFtud7gIulsiKXD0WdzPFMH/Od/Tu6LLAFCqFyIBkVuwksxNlHCZ/H 1dw+H3ig+eXVtpJ6swSFo0+TepJmZjRGjfpTyLhljnyDavIZk79RkijzzrThWcV3
6ayiSSLNwviY6xSYvZURY7t/l8SCiikRyIsdSR6b+oe+mwkAZ7W9XwLLZc2G2oCd joUEk95G26i4+xhDFsbGzriLlLg7rsvxESPdzimfqfO74+jsFxIvlua1DKf9PtvX
FTzvcRv2o9eKr/pnXFPpMgTJ1LJp7wiLOf7xcDY2mZV7mCVm7+3Hzc4W0tiEQ4Uv 2wobnqhEjDJN2EGvH7j2gK6XUTmRoQwIs7cEETiDg0h3kiiAi6MDCvD6qVSvdIQS
vDSofcTfWZV2PZftekk3//Yt8hLsH1JgtvPxNWtVC+U/504R0FtV4YbYOm98EJJt IfHpOGLYaPR3lZDrvzJtYANkLoXVZ9Mb8laJ9gtAq+Hnvu9Wt3Xe8YrA6S7fF01B
j5ufDSRvo99v+wyokkq4Uv8ysHxTXLeQ4VwxDOvkjRnT4P5QhhE1ontJJWHAuPne 3PHB7Is4haDwFKSsxHTUhZ0dkaAPe2W45iA5irxrZ8wncvyM1ecoE5M8Lvz8hh2k
6JmWMUihKBNz/PKL3tloXWjrf/bfdSfbDh5vYI0C9B6LhnQPeBOjgfdVzuoMvCJ4 MN5FxscGcQps4jVr0wg+hfyOK7r0P+spyLX0IbvxzTA7gUUrJFpHVYmrWU/MM6ft
EH4Btz9qtELlNNnWFXIB0n5mBlAIflILpLi1dD5900KQd0T5U2eJh6S371HLqjaq 2YstGLSlR1Z1roYFOhCgJzaq/waKClkdS43zEIG5Xyz8LiYQX/M+WijXHlRs1WwH
pQoBIQfGFKDy9dFUxHKG2A76KfoTvBSNw5/ZxSbMZ0+YEToX0LRQ6Vz7Yqn/TDBn /2i04Amc6uLzXr1uXJBXtK4ZmVLu+elJqZhXQxRmLp+ioUr+Wdoo6lF8XAi7RwTV
cBBMyuBE88xsEC7TluKd88EYhuE0LAVY0SgiHCsRDs2fwrLO2Th0mwHqQJvb9dwz 1nlk72qXRpb/5l1G8SPykrUFc8E2chqs+0OcRGIi4cKuYPvYTxboSl3nkG8v5UBr
h3g7RgM0+nZZXGUl1U81XNK/TB1jj28KyFYBV/sXAqBOiJTwUx86lNYIhJ88l+B8 KZbw6My5gfSyw5ykZdxdec1l0hv8cRcuVpVwnUNUclSbGIrOrYtTxsVhjtmYw2gE
hzlYT1YmgmeiRu+wtIfBPyhpFdyWIK3eY3C/YI3Uh2GN2ulHrPjJLusefzd3EWQz GOn0iRBbe7pD/q6959VdWmOW1uy2jTOUt5VeOmMAG1MQRcxAlIaDDICzgiD6bWLU
MS8bNOx39v0dl8oI4Mgmu00dy8uwFzr1tA4XUKmo2bXX7aEV7c7MRYZNRYxukq8n w4PMwRf5kN/V+GHPdgI3UoKyI3enwDXUtXMfKp65nid28p5sEBYKzEQSxFD5xwlp
HPKH8/gmlpMdK2WoMwgRuJCGZaW/9ruGYlJArzViHoBeypyn/TZOxGLTKqfStcX+ eBjelqcJXatIbZyyjmbs0lw+u9IYfIbLzR5CzR33JQDM9gdmbAIEX6RwEcTLpeYq
VdP03n2Wa5E3b1p5eqdJ7xUAl6qJQeT7LoWMTZaPkAEEmRoDembMe9JKxW4qRzzY cdmB8Lo/RkbWXUoqM9kHVBSWBPtKPkQ/zt+njVOFW3x+BJiGKX0GfrDMQDewnRKN
Ez5cKscrEI32m0Owa2u1enRLQ037s5ow9chYbAenaHuKL9aHIqr7ktcrEqC0f+sB jJbMLDQXnUPp38M13qltypW/fDvUcWKbTX1OXIFj4eZMw9487GfvCtZd4UjPDLop
GSQ1MDiArNmAKDoFj0c1tiByLcuc6vKqLkE8OUmiPy9Yejldejpu2TAH/OHl8Rrc cScZVq93GlKd/oSYQM1KcGXANtj0br1xnwYXs+bdMsO7Y9Ae54S+IR1M+WaqtcG2
xvGKYLj+R7przdoklFDgVVXIoJywv1KKdmhjnjKUjX5c294Xi7eZkbFXTX9MIZ27 uJt7lJIx+7rFJJE13j/nZwcwfKGMv7XxRoHxOI43MW5MSD1IiXgsZ4g1B59NZhDR
EZ/Sj2paCaSLOo9Z5j0xFWHKMAkIKHSmcFsRPrulA3V8W9ox1VbXcpR0XRItNBgw rgDIT9PPA3UK2e28eGAbQVRWriKLUjlkuEa0ecjH8dR+kHuwX+eBhl5f72Ww9/EB
I9BWKvAXwiwB78JXlhacglr/Pc7B4B180qXHMR28YDi578PhiTHUstfoD2aBDePx Wf9Xkr+WsM5Xbh4bEHSM2tUVzFj8T0lyw6mgnI3fF09g0sfNZALNvleF516B7H0k
LEUe4+ibp4aBMgCh4Aup/JFx2YaXwoQUeJQnF9YxMpPhmrGbl1/XyGIR4AdW8nf8 bmnL8bBAQiv4k+7WO5+Oj6F+yzuMstjx7nEEnahKUBH8UNH863Q7cYawD0CxtptH
wD7JR0G9PQnn9HUi6j6JaO7ONwwVoeV7greMHBPSMLSQMlrjcUSM0NQ+A2GNCcMK hdafWlW1CaWlz4YXK9xCxRtQPHJVjI9mMpPReWu6yZeontIHv2l8eyDGurhQH2+p
vMQkDXx/za8wkCPdBCRYUSv4zqeQocTxTH48InVg4/gAXp52L7vYPuGA3G3JMtI5 hRFcrjdNwjQPPCcvwDRygGgsBukeaAgF+Py6mOujNAugoSGfPVfgJ9Vi4kSx7e64
f5C0e2y9swUmeBTT83taY0p99xVJF+c62J7vbiEa8pkqtz7HMet25nIpEguewzMk j8wZ2iph6pEE0f8jxjFj0CJicLIn/4BIFlF84RfWC03HUz7oCyejDuS+8lAyKtNv
JQdmDVPjxXheIbWphE87UN+ePVkfie6o06/wIb/ug7rAKKeVP+CQT9/w7h+ViZ/m zVm0NANr/2bQj/wXihVhuYi+nHYnXZ/nHXhYT5ojiaGI2MSmb1kIDi8gyMnDGb82
Z4QMgMuevZ2hHVNRePSgOPS0OQ/LqrKm2PGokgYplirtL/BORObb3QwgKQ5ihNto +QzzhfNr0GqBzxKas1b5WDgb/yMAFOs6mRXwdRhjpaFl3nBDMlRBf/LAHcCRyQgv
9U2YzoAKPhGYj5o0FYBzKlUt0JatGhpTDQQZz7Y7yrJDIZ62IvTJgmfMALmbXovD /Rm0esZnLkfzvyevclXJ5OlvGa5YFSGIpjvbLWw0rZvcWhdIPiSE1iViDQVwu3xd
oRWVFKeafV/1XQtJ7PxFyHyVfjHVch6luAv+ziCECXmWz4m5liCdh65lu6Ff53Xa zNmfGQvw8nVd9gbvkbYDRn0IraWpXMdSiLJKBmBpAh3vQq9EV7386MKDNeLRtxSs
T8yLHV+2UwCmc8gzuzdFa4RJDSx0+UgoA/GUCnqmkQVbNBFtzLq9zXtQhyAXdcSQ fA8OHnM8y5javN7b5vSqcEoOrCVXtC1SHdq5L5pcYxZx84MnlibzDMQevusxYY1/
dfYtIW2XddiZV77pr8j8M+CrvaxGdzSU63MDYfWbo2evye1teGD2ygZuxWFAvk5k t14MZoZcAUiA3dnNaco/GSh6MOWvbfr68qomXhQjZyzq3vgz7CIWgOhqkjILvbzp
wdBeb1Eggj0nwweNXGDtr0xEL1BPgaBQlxOe9cQwan8Flc+NgWDqVmpvXuuGORfA xc5Kn6vrw43vDXum6uuOFuHGDjZc2ArgUQBkhtB8y7DIPe+gHlKy0XbvKj2T9mrT
SGrHgzWvHQ+Y0UOKj6ObkSUOsIBzPyh8T6TnjYyX+rL6RJkelpGtKYOLvM2Nw1xu ig/jR/Z+WkcI7mZK15DKT5zjuG0DPdCHdni+v0pDKIjH4z+H5wxwGSwA5v57i9HG
LBofbmpy+LS1xnToIlXlawvhucsHTt2mi0PQShTJslmxurYhGZQ1Ubn5HyncyhTt 6tMJAj1R88jLqKxMvZD5ggB3vyfYf6djJNG915RO8rNJRgwhHT6xU0ozrc6bEgTY
av6lq46bV/1MUE6yGI8NxfjEH4Sbafh088S1rYSkcy8FZOZHwJNA1EPJetSNqdX5 K0jhpDM7Zleo8Z1E7pM2C/OSdkwIMxiO724mO7E8MeeWIYuEVA4oWiEQlwG53/2B
3KVRoOlx1Yk1ow0d3kG3Df6X3xOuGFbLuEd4vbi3DbgYBQx2EUBRODjBYLg4ccOY Yql/Q4IkYNXFPBXvT0La0utNO/ipjV0Z8iRnj1++RB0lQrScnMULza9Qm8NWLZHZ
S4DjS6BFnddQ/tNjnyafiuatvR1LUYS+wKknvhehepOO0KceeMqCPLowR1y0r56R 2Ox/427/xk4Rm1r87D1DM/pFM+WAHFx9L9sXbNLZVyxAOJ6OC/6IFPop2JgAIRJC
Y23cBLd+QRjaaRpE/hReMhv7xMYbz/F1E81cTaxdcsY3pNIsKwrHDi4aK1ePlvra 9qulboMiR1ns2CPWF0ryueA9vvZoE46ey7lG/LsF79K/lS7jxi5bz9K7VXG6/eBo
Woi0TKNwp1U2vNL7eV2y6oaHIeMeXsLi9r8cuk+ENl35BK2nwXfW5Pbid18HzGje Q24MZEfoljgwDTbMh3uOYvSHn0XtrYYgKl+ZSYjemAqDEKhavDjNvSKLEvnAhyF9
CbIgXKgbHS1k5rTc/Qb20lLes5A/pbCtNaR6Z0jrp4QpBJwa7uSrwLCR18E1W2mt +h9TFGGtcfntE8JC2Xj1UtRrAM5CWJ3K7VFKnLBecPnnuylYVzFv5IDfxA/dMcv8
EDfL3j4kpCldbIA/FroVqJydmBk06+VoZhFL+C5uVKXyyrSjtq2I2XKSMxscpF2u ApbRHFMd3q9/0GK81ydYfs37VsDBzhvknb1LBWaC546ZUcEt0knt4iWHKvZNC3BQ
42rUCQGbPM0Po0WrICqKTdXchJ1Hk69lvjvoi1ezcVNcRVkK7yPCAx2mNd+bFdtm bL7ZZ5SZjMh5azTGDXRPBHKTpqbh133mCH1eHtiYVLDOvvdcrShs+WuXcXi3jopF
dz2TO4imAwEQIo9qfqEWGLMC/3h7YxmdlGLcgEZ913UtCorr0igTVpNFY8FnIjfq RxSI1Jx8RhHFFvN3DigymLd7APFoXZzjbzkp6WFJT+mwo9WDkbtU3jhAwLncfSWI
rpbolTCkz1a2kXu3zO2423X0DnieUWMmBVL4A9hUHDU+Yglo9Np1ZTfHHraCcU7l j9o8/Gj8mggFfhMhFAmNtm2Hpwfi2ZhYRMJIqiGxVhpHTvfMxaIoQA1ixFfUyu7k
2GHiU3Uf3uxjfRMzKC4JOoDyjxjLdbKL7r6Q9Pu0FWZhxTRt6UTUEHzmqvGB/j6Q Z8VG6PH/JgBaxSRygGDMc93Vbb5pnj95+Zr5XzwCvChDwKW/2C3yVbO09iR4PoTY
EQfT9GP0v8gcaDCWWULoUF9fNpVoLIq0EDCB0rNfdCDIzSJrDy0lwdDstVFJQUit FWeJ3eYFeYlrmlphTknrUWRD2HvALvkgbGlglWElmtHxVX7B2ke7/fKW9Nef9PTb
lz7HD7sysoR3ToqcLeR11qQongQtYoq8oBr8Zsw2dkusgqnhJKMYf0XEDSH54JvD SRKeHikFhBM61Q4NzbkdZVjOrM2XhCw7EQZiNBIgGm9Uo996lp5aghxSQ3KhWtUQ
iWa7QCFmFS6P9O8NXGuCMY528XbEtKGJEqaYINxReF+UVbG/xAum7hBXSYpOm22U phGvjqOVTmTIulFMVs8pVD5+E+8ympw0wGD9YlbyYrkeqvv4acU9yvZN6aXH25mX
h5tNxNLv5Quua2eqNZuhcoMIW06oOTpGS6nIuyXDps34C162w3nLkPNry9dSRsLG HO3RN3S6zwxwAneBasRcnNJggdBOJwFR4Me76xo4tZeFJwEzL4ILSG+hSFDUkHit
N2aHbOHVpegwyP+wxkVSAXIBx89Y8opWApt6tXmm8xQJEwoj9Pd/ph+IiVOA9WCd lE75BOcqwBs30KafoAYpDKdBLbfJemvs8PuPH8XGJn9yeBL1QdDoSerAbucUvVXP
PJobE0AXz9c5civRQXairp2/oz8FDR+nB7im6e+FHU+p1dsTXe91CJtuI1GwzSF5 Px+VtKjaIU+ejmfFCuCr89r3L3Admkix55AUT9BAEQbwbfbMhG6RHF/AvYKIVRHg
TacW4CupcTFv2Dhv5v1x053tR1n7tYNWpx1i3TPw9aJrRO6ltSaDlkSk6spbF5ul WLdTzOQV6QCpw79E8uj4fQVsXhvt7pXwBgJiEJIdGm1/8VKzEr1O+k6SNvzRd4MA
/cIINDjUoxmOS3C3GOYw6n34ayPDDX1C99qjkGZGP5FMM8BZrsaq5wqoJr4WuM7v bu0RIKILcObiErfyOWgYrwzo+EkYsBAL1AI7NJUUFlxnKY/ZjUq1nuET5nA1q/Tp
B9hIyMOydpTyIxAMJlrApuh7bcVnpsCCJjBqYCKB+pq2mLg6ZTKP+aiRoILZy++L ZcwfxGfUD7Bp4HbpZADLCGyI57SIZ4l1e04SBL6htPmZl4JOFnT4x9VDjtmw4uZ4
4p2P72PJX95zxCXqBemHJ26u4yYMOLoz3asO5og08eO6YlD2Kva7E2diwwQ5vnwd dfNhMdTT9TPjEh7+krCLUXCbsPJfaze0sE2jQq2dGwK0vU3OcgQQAPME2mix6BeR
CkyW3JSbs8nL5eVFGVSf8wt0ADgIDgMzYk/wn2eSF96AitnMQcEMG5cp2aF9ulBE 3eK4kqk1F8rjsGoqTvT4HumVEsn9CcRrbBn/0F0eVvVMTfsNZGaGzo0H2qHmoU19
Gg+6Yyr6Xnpx+Sfyij0c5lhIP52eor3QIJPKElW8zorEnviysvo8E8LRtHUZLl8Y 3lsW+1yKg94RUJ+TlpnZ3gEgS5jUh4NirXt3UibhH0TxsidqMjqyZmgh1debiMBK
fXQPCOo35Gc+53zLijUuHUsg5yKJlZ7gevsTFxJl07G/3BUK+SKhLoFDJ9m15RTX nwLo+u6NWn33VuH7TUZLyfPs5wPyVgDmboYPuZE1L+45gEJVX5U5sXM/5JtvsUmK
AWT9pwR8BMGdUUdT4izlL8xG+w== cA==