- `internal.thegeneralist01.com` and `archive.thegeneralist01.com` are not public. I have Split DNS enabled for them (in Tailscale), with the DNS server's IP set to a private Tailscale IP of my home server; - CoreDNS (also on my home server) resolves the two private domains to the home server itself; - nginx listens only on its machine's (the home server's) Tailscale IP; - Therefore, all of it is hermetic!
{ config, lib, ... }:
let
  inherit (lib) mkIf concatMapStringsSep;

  # One "DNS=<server>" line per configured upstream, joined with newlines and
  # passed verbatim to resolved.conf through extraConfig.
  # config.dnsServers is a project option declared elsewhere — assumed to be a
  # list of upstream address strings; confirm against its declaration.
  resolvedDnsLines = concatMapStringsSep "\n" (server: "DNS=${server}") config.dnsServers;
in
{
  # systemd-resolved is configured only on hosts where the custom option
  # config.isServer (declared elsewhere) is false; presumably the server host
  # resolves through its own CoreDNS instead — confirm.
  services.resolved = mkIf (!config.isServer) {
    enable = true;

    extraConfig = resolvedDnsLines;

    # Strict DNSSEC: responses that fail validation are rejected rather than
    # downgraded. NixOS models this option as a string, not a bool.
    dnssec = "true";

    # Strict DNS-over-TLS: plaintext fallback to the upstream is refused.
    # NOTE(review): resolved can only check the server certificate against a
    # hostname when an upstream is written as "ip#hostname"; with bare IPs the
    # transport is encrypted but name validation is not possible — confirm the
    # format used in config.dnsServers.
    dnsovertls = "true";
  };
}