modules/network: let dns traffic passthrough dae

This commit is contained in:
xinyangli 2025-05-08 17:37:09 +08:00
parent a36fd4794c
commit 0fa0d8d75c
No known key found for this signature in database
5 changed files with 3438 additions and 722 deletions


@ -24,10 +24,9 @@ in
}; };
}; };
# Enable Tailscale
services.tailscale = { services.tailscale = {
enable = true; enable = true;
extraUpFlags = [ "--accept-dns=false" ]; extraUpFlags = [ "--accept-routes" ];
}; };
# services.tailscale.useRoutingFeatures = "both"; # services.tailscale.useRoutingFeatures = "both";
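Review bot: Swapping `"--accept-dns=false"` for `"--accept-routes"` changes two things at once and only one of them is named in the commit title: as far as I know accept-dns defaults to on, so tailscaled is now allowed to take over the system resolver (MagicDNS), which can override the local-resolver / dae path this same commit wires up in the network module, and the node will additionally install whatever subnet routes are approved on the tailnet. The `tsdns: 'udp://100.100.100.100'` upstream in the dae config suggests tailnet DNS was meant to be answered through that path rather than by tailscaled rewriting resolv.conf, so unless the resolver takeover is wanted, keep both flags: `extraUpFlags = [ "--accept-dns=false" "--accept-routes" ];`. A short comment on the flag list would make the intent reviewable, e.g. `# accept-routes: install subnet routes approved in the admin console; DNS stays with the local resolver / dae`.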



@ -102,7 +102,7 @@ in
upstream { upstream {
globaldns: 'tls://dns.quad9.net' globaldns: 'tls://dns.quad9.net'
cndns: 'h3://dns.alidns.com:443' cndns: 'quic://dns.alidns.com:853'
tsdns: 'udp://100.100.100.100' tsdns: 'udp://100.100.100.100'
localdns: 'udp://127.0.0.1:53' localdns: 'udp://127.0.0.1:53'
} }
@ -133,6 +133,11 @@ in
filter: name(regex: '^(fra)[0-9]+') [add_latency: -150ms] filter: name(regex: '^(fra)[0-9]+') [add_latency: -150ms]
policy: min_moving_avg policy: min_moving_avg
} }
clean_ip {
filter: name(regex: '^(fra)[0-9]+') [add_latency: -150ms]
policy: fixed(0)
}
} }
# See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples. # See https://github.com/daeuniverse/dae/blob/main/docs/en/configuration/routing.md for full examples.
@ -156,9 +161,13 @@ in
# === Force Proxy === # === Force Proxy ===
domain(geosite:linkedin) -> default_group domain(geosite:linkedin) -> default_group
domain(full: sourceware.org) -> clean_ip
# === Custom direct rules === # === Custom direct rules ===
domain(geosite:cn) -> direct domain(geosite:cn) -> direct
domain(geosite:steam@cn) -> direct
domain(suffix:steamserver.net) -> direct
domain(suffix:test.steampowered.com) -> direct
dip(geoip:cn) -> direct dip(geoip:cn) -> direct
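Review bot: In the new `clean_ip` group the `[add_latency: -150ms]` modifier is copied from the group above but, as far as I can tell, has no effect under `policy: fixed(0)`, which selects a node by position rather than by measured latency, so the filter reads as copy-paste residue; `filter: name(regex: '^(fra)[0-9]+')` alone states the intent. `fixed(0)` also means the chosen node silently changes whenever the subscription reorders the fra nodes, and since `domain(full: sourceware.org) -> clean_ip` in the last hunk is the only consumer, nothing will flag it when that node's exit IP stops being the one this group was created for. A comment such as `# pin one fra node by index; re-check after subscription updates` or a more specific name match would make that assumption visible.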


@ -22,7 +22,9 @@ in
networking.resolvconf = mkIf cfg.localdns.enable { networking.resolvconf = mkIf cfg.localdns.enable {
enable = true; enable = true;
dnsExtensionMechanism = false; dnsExtensionMechanism = false;
useLocalResolver = true; # We should disable local resolver if dae is enabled
# to let dns traffic go through dae
useLocalResolver = !config.commonSettings.network.enableProxy;
}; };
services.resolved.enable = mkIf cfg.localdns.enable false; services.resolved.enable = mkIf cfg.localdns.enable false;
@ -88,9 +90,13 @@ in
''; '';
in in
globalSettings globalSettings
+ (if config.services.dae.enable then proxySettings else "")
+ (if config.services.tailscale.enable then tsSettings else "") + (if config.services.tailscale.enable then tsSettings else "")
+ (if config.inMainland then mainlandSettings else overseaSettings); + (
if config.commonSettings.network.enableProxy then
proxySettings + mainlandSettings
else
overseaSettings
);
}; };
}; };
} }
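Review bot: `useLocalResolver = !config.commonSettings.network.enableProxy;` turns the local resolver off whenever the proxy option is set, but the second hunk in this file drops the old `config.services.dae.enable` check in favour of the same `enableProxy` flag, so if the two can diverge on a host (proxy option on, dae service off) resolvconf is still enabled and DNS goes to whatever nameservers the network hands out, in plaintext, with no dae in the path to intercept it. I can't see the option definition from here, so if `enableProxy` does not already imply `services.dae.enable`, an assertion would pin that coupling: `assertions = [ { assertion = config.commonSettings.network.enableProxy -> config.services.dae.enable; message = "commonSettings.network.enableProxy requires services.dae.enable"; } ];`. The comment on the `useLocalResolver` line should also say that this relies on dae hijacking port-53 traffic, which is the actual mechanism the commit depends on.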


@ -2,3 +2,10 @@ output_file="modules/nixos/common-settings/china-domains.txt"
curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/accelerated-domains.china.raw.txt" > "$output_file" curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/accelerated-domains.china.raw.txt" > "$output_file"
curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/apple.china.raw.txt" >> "$output_file" curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/apple.china.raw.txt" >> "$output_file"
curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/google.china.raw.txt" >> "$output_file" curl "https://raw.githubusercontent.com/peeweep/dnsmasq-china-list-raw/refs/heads/master/google.china.raw.txt" >> "$output_file"
# extra rules
cat >> $output_file <<- EOM
test.steampowered.com
steamserver.net
api.steampowered.com
EOM
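Review bot: `cat >> $output_file <<- EOM` leaves `$output_file` unquoted while every other use in the script quotes it; the value is a fixed path today, but `cat >> "$output_file" <<EOM` keeps it consistent and the `-` on the heredoc operator only strips leading tabs, which these lines don't have, so plain `<<EOM` is enough. It is also worth a comment above the block explaining why these Steam hosts are appended by hand (they are routed `direct` in the dae rules of this commit), e.g. `# hand-maintained additions not present in the upstream list; keep in sync with the dae routing rules`. Note that the preceding curl calls (context, not new here) run without `--fail`, so an HTTP error body would land in the same file ahead of these entries; hedged, since that behaviour predates this change.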