test: dns

jz8132543 · Feb 25, 2024 · 067fd99 · 067fd99
1 parent 5ff5149
commit 067fd99
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/nixos/modules/base/dns-client.nix b/nixos/modules/base/dns-client.nix
@@ -8,7 +8,8 @@ in {
   networking =
     if cfg.enable
     then {
-      nameservers = ["127.0.0.2" "127.0.0.55"];
+      # nameservers = ["127.0.0.2" "127.0.0.55"];
+      nameservers = ["127.0.0.55"];
       # resolvconf.enable = lib.mkForce false;
       dhcpcd.extraConfig = "nohook resolv.conf";
       networkmanager.dns = lib.mkForce "none";
@@ -67,7 +68,24 @@ in {
       };
     };
   };
-  # systemd.services.dnscrypt-proxy2.serviceConfig = {
-  #   StateDirectory = "dnscrypt-proxy";
-  # };
+  # Add polkit rule to allow systemd-resolved to change DNS config
+  security.polkit.extraConfig = ''
+    polkit.addRule(function(action, subject) {
+        if (subject.isInGroup("systemd-resolve") && (
+            action.id == "org.freedesktop.resolve1.register-service" ||
+            action.id == "org.freedesktop.resolve1.revert" ||
+            action.id == "org.freedesktop.resolve1.set-default-route" ||
+            action.id == "org.freedesktop.resolve1.set-dns-over-tls" ||
+            action.id == "org.freedesktop.resolve1.set-dns-servers" ||
+            action.id == "org.freedesktop.resolve1.set-dnssec" ||
+            action.id == "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors" ||
+            action.id == "org.freedesktop.resolve1.set-domains" ||
+            action.id == "org.freedesktop.resolve1.set-llmnr" ||
+            action.id == "org.freedesktop.resolve1.set-mdns" ||
+            action.id == "org.freedesktop.resolve1.unregister-service"
+        )) {
+            return polkit.Result.YES;
+        }
+    });
+  '';
 }
diff --git a/nixos/modules/desktop/apps.nix b/nixos/modules/desktop/apps.nix
@@ -6,7 +6,7 @@
   programs = {
     clash-verge = {
       enable = true;
-      # autoStart = true;
+      autoStart = true;
       tunMode = true;
     };
   };

diff --git a/nixos/modules/desktop/clash.nix → nixos/modules/desktop/sing-box.nix.bak b/nixos/modules/desktop/clash.nix → nixos/modules/desktop/sing-box.nix.bak