rename: trust-dns -> hickory-dns

2024-08-12 01:23:39 +00:00
parent bd97fb9ec9
commit d4290588bf
14 changed files with 89 additions and 101 deletions

TODO.md

@@ -2,14 +2,14 @@
- `rmDbusServices` may break sandboxing
- e.g. if the package ships a systemd unit which references $out, then make-sandboxed won't properly update that unit.
- `rmDbusServicesInPlace` is not affected
- when moby wlan is explicitly set down (via ip link set wlan0 down), /var/lib/trust-dns/dhcp-configs doesn't get reset
- when moby wlan is explicitly set down (via ip link set wlan0 down), /var/lib/hickory-dns/dhcp-configs doesn't get reset
- `ip monitor` can detect those manual link state changes (NM-dispatcher it seems cannot)
- or try dnsmasq?
- trust-dns can't resolve `abs.twimg.com`
- trust-dns can't resolve `social.kernel.org`
- trust-dns can't resolve `pe.usps.com`
- trust-dns can't resolve `social.seattle.wa.us`
- trust-dns can't resolve `support.mozilla.org`
- hickory-dns can't resolve `abs.twimg.com`
- hickory-dns can't resolve `social.kernel.org`
- hickory-dns can't resolve `pe.usps.com`
- hickory-dns can't resolve `social.seattle.wa.us`
- hickory-dns can't resolve `support.mozilla.org`
- sandbox: link cache means that if i update ~/.config/... files inline, sandboxed programs still see the old version
- mpv: continues to play past the end of some audio files
- mpv: audiocast has mpv sending its output to the builtin speakers unless manually changed


@@ -4,7 +4,7 @@
./fs.nix
];
sane.services.trust-dns.asSystemResolver = false; # TEMPORARY: TODO: re-enable trust-dns
sane.services.hickory-dns.asSystemResolver = false; # TEMPORARY: TODO: re-enable hickory-dns
# sane.programs.devPkgs.enableFor.user.colin = true;
# sane.guest.enable = true;


@@ -21,7 +21,7 @@
"sane-scripts.stop-all-servo"
];
sane.services.dyn-dns.enable = true;
sane.services.trust-dns.asSystemResolver = false; # TODO: enable once it's all working well
sane.services.hickory-dns.asSystemResolver = false; # TODO: enable once it's all working well
sane.services.wg-home.enable = true;
sane.services.wg-home.visibleToWan = true;
sane.services.wg-home.forwardToWan = true;


@@ -7,6 +7,7 @@
./ejabberd.nix
./freshrss.nix
./export
./hickory-dns.nix
./gitea.nix
./goaccess.nix
./ipfs.nix
@@ -27,7 +28,6 @@
./prosody
./slskd.nix
./transmission
./trust-dns.nix
./wikipedia.nix
];
}


@@ -55,7 +55,7 @@ in
];
};
services.trust-dns.settings.zones = [ "uninsane.org" ];
services.hickory-dns.settings.zones = [ "uninsane.org" ];
networking.nat.enable = true; #< TODO: try removing this?
@@ -83,8 +83,8 @@ in
# };
sane.services.trust-dns.enable = true;
sane.services.trust-dns.instances = let
sane.services.hickory-dns.enable = true;
sane.services.hickory-dns.instances = let
mkSubstitutions = flavor: {
"%ADOOF%" = config.sane.netns.doof.netnsPubIpv4;
"%ANATIVE%" = nativeAddrs."servo.${flavor}";
@@ -141,5 +141,5 @@ in
# };
};
sane.services.dyn-dns.restartOnChange = lib.map (c: "${c.service}.service") (builtins.attrValues config.sane.services.trust-dns.instances);
sane.services.dyn-dns.restartOnChange = lib.map (c: "${c.service}.service") (builtins.attrValues config.sane.services.hickory-dns.instances);
}


@@ -45,8 +45,8 @@
sane.ids.pict-rs.gid = 2409;
sane.ids.sftpgo.uid = 2410;
sane.ids.sftpgo.gid = 2410;
sane.ids.trust-dns.uid = 2411;
sane.ids.trust-dns.gid = 2411;
sane.ids.hickory-dns.uid = 2411; #< previously "trust-dns"
sane.ids.hickory-dns.gid = 2411; #< previously "trust-dns"
sane.ids.export.gid = 2412;
sane.ids.nfsuser.uid = 2413;
sane.ids.media.gid = 2414;


@@ -23,16 +23,16 @@
{ config, lib, pkgs, ... }:
lib.mkMerge [
{
sane.services.trust-dns.enable = lib.mkDefault config.sane.services.trust-dns.asSystemResolver;
sane.services.trust-dns.asSystemResolver = lib.mkDefault true;
sane.services.hickory-dns.enable = lib.mkDefault config.sane.services.hickory-dns.asSystemResolver;
sane.services.hickory-dns.asSystemResolver = lib.mkDefault true;
}
(lib.mkIf (!config.sane.services.trust-dns.asSystemResolver) {
(lib.mkIf (!config.sane.services.hickory-dns.asSystemResolver) {
# use systemd's stub resolver.
# /etc/resolv.conf isn't sophisticated enough to use different servers per net namespace (or link).
# instead, running the stub resolver on a known address in the root ns lets us rewrite packets
# in servo's ovnps namespace to use the provider's DNS resolvers.
# a weakness is we can only query 1 NS at a time (unless we were to clone the packets?)
# TODO: improve trust-dns recursive resolver and then remove this
# TODO: improve hickory-dns recursive resolver and then remove this
services.resolved.enable = true; #< to disable, set ` = lib.mkForce false`, as other systemd features default to enabling `resolved`.
# without DNSSEC:
# - dig matrix.org => works
@@ -40,7 +40,7 @@ lib.mkMerge [
# with default DNSSEC:
# - dig matrix.org => works
# - curl https://matrix.org => fails
# i don't know why. this might somehow be interfering with the DNS run on this device (trust-dns)
# i don't know why. this might somehow be interfering with the DNS run on this device (hickory-dns)
services.resolved.dnssec = "false";
networking.nameservers = [
# use systemd-resolved resolver
@@ -74,7 +74,7 @@ lib.mkMerge [
sane.silencedAssertions = [''.*Loading NSS modules from system.nssModules.*requires services.nscd.enable being set to true.*''];
# add NSS modules into their own subdirectory.
# then i can add just the NSS modules library path to the global LD_LIBRARY_PATH, rather than ALL of /run/current-system/sw/lib.
# TODO: i'm doing this so as to achieve mdns DNS resolution (avahi). it would be better to just have trust-dns delegate .local to avahi
# TODO: i'm doing this so as to achieve mdns DNS resolution (avahi). it would be better to just have hickory-dns delegate .local to avahi
# (except avahi doesn't act as a local resolver over DNS protocol -- only dbus).
environment.systemPackages = [(pkgs.symlinkJoin {
name = "nss-modules";


@@ -119,13 +119,13 @@ in {
# - "/proc/net"
# - "/proc/sys/net"
# - "/run/NetworkManager"
# - "/run/systemd" # for trust-dns-nmhook
# - "/run/systemd" # for hickory-dns-nmhook
# - "/run/udev"
# - # "/run/wg-home.priv"
# - "/sys/class"
# - "/sys/devices"
# - "/var/lib/NetworkManager"
# - "/var/lib/trust-dns" #< for trust-dns-nmhook
# - "/var/lib/hickory-dns" #< for hickory-dns-nmhook
# - "/run/systemd"
};
@@ -137,12 +137,12 @@ in {
# fix NetworkManager-dispatcher to actually run as a daemon,
# and sandbox it a bit
systemd.services.NetworkManager-dispatcher = {
#VVV so that /var/lib/trust-dns will exist (the hook needs to write here).
# but this creates a cycle: trust-dns-localhost > network.target > NetworkManager-dispatcher > trust-dns-localhost.
#VVV so that /var/lib/hickory-dns will exist (the hook needs to write here).
# but this creates a cycle: hickory-dns-localhost > network.target > NetworkManager-dispatcher > hickory-dns-localhost.
# (seemingly) impossible to remove the network.target dep on NetworkManager-dispatcher.
# beffore would be to have the dispatcher not write trust-dns files
# but rather just its own, and create a .path unit which restarts trust-dns appropriately.
# after = [ "trust-dns-localhost.service" ];
# beffore would be to have the dispatcher not write hickory-dns files
# but rather just its own, and create a .path unit which restarts hickory-dns appropriately.
# after = [ "hickory-dns-localhost.service" ];
# serviceConfig.ExecStart = [
# "" # first blank line is to clear the upstream `ExecStart` field.
# "${cfg.package}/libexec/nm-dispatcher --persist" # --persist is needed for it to actually run as a daemon
@@ -150,7 +150,7 @@ in {
# serviceConfig.Restart = "always";
# serviceConfig.RestartSec = "1s";
# serviceConfig.DynamicUser = true; #< not possible, else we lose group perms (so can't write to `trust-dns`'s files in the nm hook)
# serviceConfig.DynamicUser = true; #< not possible, else we lose group perms (so can't write to `hickory-dns`'s files in the nm hook)
serviceConfig.User = "networkmanager"; # TODO: should arguably use `DynamicUser`
serviceConfig.Group = "networkmanager";
serviceConfig.LockPersonality = true;
@@ -166,7 +166,7 @@ in {
serviceConfig.ProtectKernelLogs = true; # disable /proc/kmsg, /dev/kmsg
serviceConfig.ProtectKernelModules = true; # syscall filter to prevent module calls
serviceConfig.ProtectKernelTunables = true;
serviceConfig.ProtectSystem = "full"; # makes read-only: /boot, /etc/, /usr. `strict` isn't possible due to trust-dns hook
serviceConfig.ProtectSystem = "full"; # makes read-only: /boot, /etc/, /usr. `strict` isn't possible due to hickory-dns hook
serviceConfig.RestrictAddressFamilies = [
"AF_UNIX" # required, probably for dbus or systemd connectivity
];
@@ -234,7 +234,7 @@ in {
# note that NM's resolv.conf isn't (necessarily) /etc/resolv.conf -- that is managed by nixos (via symlinking)
main.dns = if config.services.resolved.enable then
"systemd-resolved"
else if config.sane.services.trust-dns.enable && config.sane.services.trust-dns.asSystemResolver then
else if config.sane.services.hickory-dns.enable && config.sane.services.hickory-dns.asSystemResolver then
"none"
else
"internal"
@@ -276,7 +276,7 @@ in {
users.users.networkmanager = {
isSystemUser = true;
group = "networkmanager";
extraGroups = [ "trust-dns" ];
extraGroups = [ "hickory-dns" ];
};
# there is, unfortunately, no proper interface by which to plumb wpa_supplicant into the NixOS service, except by overlay.


@@ -11,7 +11,7 @@ let
# - any character may be encoded by `\DDD`, where `DDD` represents its ascii value in base 8.
# - any non-digit `X` may be encoded by `\X`.
# - stated in: <https://www.ietf.org/rfc/rfc1035.txt>: 5.1 Format
# - visible in <trust-dns:crates/proto/src/serialize/txt/zone_lex.rs:escape_seq>
# - visible in <hickory-dns:crates/proto/src/serialize/txt/zone_lex.rs:escape_seq>
# for us, we can just replace `\` => `\\ and `"` -> `\"`
TXT = value: "\"" + (lib.escape [ "\\" "\"" ] value) + "\"";
};


@@ -5,7 +5,7 @@
./clightning.nix
./dyn-dns.nix
./eg25-manager.nix
./hickory-dns
./kiwix-serve.nix
./trust-dns
];
}


@@ -1,20 +1,20 @@
{ config, lib, pkgs, ... }:
let
trust-dns-nmhook = pkgs.static-nix-shell.mkPython3 {
pname = "trust-dns-nmhook";
hickory-dns-nmhook = pkgs.static-nix-shell.mkPython3 {
pname = "hickory-dns-nmhook";
srcRoot = ./.;
pkgs = [
"systemd"
];
};
cfg = config.sane.services.trust-dns;
cfg = config.sane.services.hickory-dns;
dns = config.sane.dns;
toml = pkgs.formats.toml { };
instanceModule = with lib; types.submodule ({ config, name, ...}: {
options = {
service = mkOption {
type = types.str;
default = "trust-dns-${name}";
default = "hickory-dns-${name}";
description = ''
systemd service name corresponding to this instance (used internally and automatically set).
'';
@@ -41,7 +41,7 @@ let
type = types.attrsOf types.str;
default = {};
description = ''
text substitutions to make on the config and zone file before starting trust-dns.
text substitutions to make on the config and zone file before starting hickory-dns.
'';
example = {
"%CNAMESELF%" = "lappy";
@@ -98,12 +98,12 @@ let
mkSystemdService = flavor: { includes, listenAddrsIpv4, listenAddrsIpv6, port, substitutions, extraConfig, ... }: let
sed = "${pkgs.gnused}/bin/sed";
baseConfig = (
lib.filterAttrsRecursive (_: v: v != null) config.services.trust-dns.settings
lib.filterAttrsRecursive (_: v: v != null) config.services.hickory-dns.settings
) // {
listen_addrs_ipv4 = listenAddrsIpv4;
listen_addrs_ipv6 = listenAddrsIpv6;
};
configTemplate = toml.generate "trust-dns-${flavor}.toml" (baseConfig //
configTemplate = toml.generate "hickory-dns-${flavor}.toml" (baseConfig //
(lib.mapAttrs (k: v:
if k == "zones" then
# append to the baseConfig instead of overriding it
@@ -113,7 +113,7 @@ let
)
extraConfig
));
configPath = "/var/lib/trust-dns/${flavor}-config.toml";
configPath = "/var/lib/hickory-dns/${flavor}-config.toml";
sedArgs = builtins.map (key: ''-e "s/${key}/${substitutions."${key}"}/g"'') (
# HACK: %ANATIVE% often expands to one of the other subtitutions (e.g. %AWAN%)
# so we must expand it *first*.
@@ -123,34 +123,34 @@ let
);
subs = lib.concatStringsSep " " sedArgs;
in {
description = "trust-dns Domain Name Server (serving ${flavor})";
unitConfig.Documentation = "https://trust-dns.org/";
description = "hickory-dns Domain Name Server (serving ${flavor})";
unitConfig.Documentation = "https://hickory-dns.org/";
after = [ "network.target" ];
before = [ "network-online.target" ]; # most things assume they'll have DNS services alongside routability
wantedBy = [ "network.target" ];
preStart = lib.concatStringsSep "\n" (
[''
mkdir -p "/var/lib/trust-dns/${flavor}"
mkdir -p "/var/lib/hickory-dns/${flavor}"
${sed} ${subs} -e "" "${configTemplate}" \
| cat - \
${lib.concatStringsSep " " includes} \
> "${configPath}" || true
''] ++ lib.mapAttrsToList (zone: { rendered, ... }: ''
${sed} ${subs} -e "" ${pkgs.writeText "${zone}.zone.in" rendered} \
> "/var/lib/trust-dns/${flavor}/${zone}.zone"
> "/var/lib/hickory-dns/${flavor}/${zone}.zone"
'') dns.zones
);
serviceConfig = (config.systemd.services.hickory-dns or config.systemd.services.trust-dns).serviceConfig // {
serviceConfig = config.systemd.services.hickory-dns.serviceConfig // {
ExecStart = lib.escapeShellArgs ([
"${lib.getExe config.services.trust-dns.package}"
"${lib.getExe config.services.hickory-dns.package}"
"--port" (builtins.toString port)
"--zonedir" "/var/lib/trust-dns/${flavor}"
"--zonedir" "/var/lib/hickory-dns/${flavor}"
"--config" "${configPath}"
] ++ lib.optionals config.services.trust-dns.debug [
] ++ lib.optionals config.services.hickory-dns.debug [
"--debug"
] ++ lib.optionals config.services.trust-dns.quiet [
] ++ lib.optionals config.services.hickory-dns.quiet [
"--quiet"
]);
# servo/dyn-dns needs /var/lib/uninsane/wan.txt.
@@ -158,14 +158,14 @@ let
# so just bind the deepest path which is guaranteed to exist.
ReadOnlyPaths = [ "/var/lib" ]; #< TODO: scope this down!
} // lib.optionalAttrs cfg.asSystemResolver {
# allow the group to write trust-dns state (needed by NetworkManager hook)
# allow the group to write hickory-dns state (needed by NetworkManager hook)
StateDirectoryMode = "775";
};
};
in
{
options = with lib; {
sane.services.trust-dns = {
sane.services.hickory-dns = {
enable = mkOption {
default = false;
type = types.bool;
@@ -182,19 +182,19 @@ in
};
config = lib.mkIf cfg.enable {
# enable nixpkgs' trust-dns so that i get its config generation
# enable nixpkgs' hickory-dns so that i get its config generation
# but don't actually enable the systemd service... i'll instantiate *multiple* instances per interface further below
services.trust-dns.enable = true;
services.trust-dns.settings.zones = []; #< TODO: remove once upstreamed (bad default)
services.hickory-dns.enable = true;
services.hickory-dns.settings.zones = []; #< TODO: remove once upstreamed (bad default)
# don't bind to IPv6 until i explicitly test that stack
services.trust-dns.settings.listen_addrs_ipv6 = [];
services.trust-dns.quiet = true;
# FIXME(2023/11/26): services.trust-dns.debug doesn't log requests: use RUST_LOG=debug env for that.
services.hickory-dns.settings.listen_addrs_ipv6 = [];
services.hickory-dns.quiet = true;
# FIXME(2023/11/26): services.hickory-dns.debug doesn't log requests: use RUST_LOG=debug env for that.
# - see: <https://github.com/hickory-dns/hickory-dns/issues/2082>
# services.trust-dns.debug = true;
# services.hickory-dns.debug = true;
services.trust-dns.package = pkgs.trust-dns.override {
services.hickory-dns.package = pkgs.hickory-dns.override {
rustPlatform.buildRustPackage = args: pkgs.rustPlatform.buildRustPackage (args // {
buildFeatures = [
"recursor"
@@ -214,11 +214,11 @@ in
cargoHash = "sha256-6Es5/gRqgsteWUHICdgcNlujJE9vrdr3tj/EKKyFsrY=";
});
};
services.trust-dns.settings.directory = "/var/lib/trust-dns";
services.hickory-dns.settings.directory = "/var/lib/hickory-dns";
users.groups.trust-dns = {};
users.users.trust-dns = {
group = "trust-dns";
users.groups.hickory-dns = {};
users.users.hickory-dns = {
group = "hickory-dns";
isSystemUser = true;
};
@@ -227,27 +227,15 @@ in
hickory-dns.enable = false;
hickory-dns.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "trust-dns";
Group = "trust-dns";
User = "hickory-dns";
Group = "hickory-dns";
wantedBy = lib.mkForce [];
# there can be a lot of restarts as interfaces toggle,
# particularly around the DHCP/NetworkManager stuff.
StartLimitBurst = 60;
StateDirectory = lib.mkForce "trust-dns";
StateDirectory = lib.mkForce "hickory-dns";
};
trust-dns.enable = false;
trust-dns.serviceConfig = {
DynamicUser = lib.mkForce false;
User = "trust-dns";
Group = "trust-dns";
wantedBy = lib.mkForce [];
# there can be a lot of restarts as interfaces toggle,
# particularly around the DHCP/NetworkManager stuff.
StartLimitBurst = 60;
StateDirectory = lib.mkForce "trust-dns";
};
# trust-dns.unitConfig.StartLimitIntervalSec = 60;
# hickory-dns.unitConfig.StartLimitIntervalSec = 60;
}
(lib.mapAttrs'
(flavor: instanceConfig: {
@@ -259,28 +247,28 @@ in
];
# run a hook whenever networking details change, so the DNS zone can be updated to reflect this
environment.etc."NetworkManager/dispatcher.d/60-trust-dns-nmhook" = lib.mkIf cfg.asSystemResolver {
source = "${trust-dns-nmhook}/bin/trust-dns-nmhook";
environment.etc."NetworkManager/dispatcher.d/60-hickory-dns-nmhook" = lib.mkIf cfg.asSystemResolver {
source = "${hickory-dns-nmhook}/bin/hickory-dns-nmhook";
};
# allow NetworkManager (via trust-dns-nmhook) to restart trust-dns when necessary
# allow NetworkManager (via hickory-dns-nmhook) to restart hickory-dns when necessary
# - source: <https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service>
security.polkit.extraConfig = lib.mkIf cfg.asSystemResolver ''
polkit.addRule(function(action, subject) {
if (subject.isInGroup("trust-dns") &&
if (subject.isInGroup("hickory-dns") &&
action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "trust-dns-localhost.service") {
action.lookup("unit") == "hickory-dns-localhost.service") {
return polkit.Result.YES;
}
});
'';
sane.services.trust-dns.instances.localhost = lib.mkIf cfg.asSystemResolver {
sane.services.hickory-dns.instances.localhost = lib.mkIf cfg.asSystemResolver {
listenAddrsIpv4 = [ "127.0.0.1" ];
listenAddrsIpv6 = [ "::1" ];
enableRecursiveResolver = true;
# append zones discovered via DHCP to the resolver config.
includes = [ "/var/lib/trust-dns/dhcp-configs/*" ];
includes = [ "/var/lib/hickory-dns/dhcp-configs/*" ];
};
networking.nameservers = lib.mkIf cfg.asSystemResolver [
"127.0.0.1"


@@ -2,7 +2,7 @@
#!nix-shell -i python3 -p python3 -p systemd
# vim: set filetype=python :
# /etc/NetworkManager/dispatcher.d/trust-dns-nmhook:
# /etc/NetworkManager/dispatcher.d/hickory-dns-nmhook:
# NetworkManager-dispatcher.service calls this script whenever any network changes state.
# this includes when we activate a new network and receive DHCP info.
# specifically, this script propagates DHCP info to my DNS setup,
@@ -23,7 +23,7 @@ import subprocess
logger = logging.getLogger(__name__)
DNS_DIR = "/var/lib/trust-dns"
DNS_DIR = "/var/lib/hickory-dns"
DHCP_CONFIGS = "dhcp-configs"
class Ops:
@@ -103,11 +103,11 @@ stores = {{ type = "forward", name_servers = [
return lines
def apply_zone(nm_config: NmConfig, ops: Ops) -> None:
# if we want to write /var/lib/trust-dns here, then we have to make sure the service is started, so systemd can create the directory.
# if we want to write /var/lib/hickory-dns here, then we have to make sure the service is started, so systemd can create the directory.
# ops.exec_([
# "systemctl",
# "start",
# "trust-dns-localhost",
# "hickory-dns-localhost",
# ])
specialized_config = ""
for domain in nm_config.search_domains:
@@ -125,7 +125,7 @@ def apply_zone(nm_config: NmConfig, ops: Ops) -> None:
ops.exec_([
"systemctl",
"restart",
"trust-dns-localhost",
"hickory-dns-localhost",
])
def main():
@@ -134,7 +134,7 @@ def main():
logger.info('invoked')
parser = argparse.ArgumentParser(description='update trust-dns config in response to NetworkManager event')
parser = argparse.ArgumentParser(description='update hickory-dns config in response to NetworkManager event')
parser.add_argument('--dns-dir', default=DNS_DIR)
parser.add_argument('--verbose', action='store_true')
parser.add_argument('--dry-run', action='store_true')


@@ -9,6 +9,11 @@ systemctl stop \
ejabberd \
gitea \
goaccess \
hickory-dns-doof \
hickory-dns-hn \
hickory-dns-hn-resolver \
hickory-dns-lan \
hickory-dns-wan \
i2p \
jackett \
jellyfin \
@@ -38,11 +43,6 @@ systemctl stop \
systemctl \
tor \
transmission \
trust-dns-doof \
trust-dns-hn \
trust-dns-hn-resolver \
trust-dns-lan \
trust-dns-wan \
wireguard-wg-ovpns \
ntfy-waiter-0 \
ntfy-waiter-1 \


@@ -296,9 +296,9 @@ stores = {{ type = "forward", name_servers = [
'''
elif dir_ == ToggleDir.Down:
text = ""
with open("/var/lib/trust-dns/dhcp-configs/sane-vpn.toml", "w") as f:
with open("/var/lib/hickory-dns/dhcp-configs/sane-vpn.toml", "w") as f:
f.write(text)
subprocess.check_call([ "systemctl", "restart", "trust-dns-localhost" ])
subprocess.check_call([ "systemctl", "restart", "hickory-dns-localhost" ])
def main():
logging.basicConfig()