kyra(hardening): hickory-dns init

Signed-off-by: s0me1newithhand7s <git+me@hand7s.org>
2026-05-03 15:58:23 +03:00 · 2026-05-03 15:58:23 +03:00 · 614e2c804a
commit 614e2c804a
parent e81f4f0829
1 changed files with 58 additions and 0 deletions
--- a/kyra/services/hickory.nix
+++ b/kyra/services/hickory.nix
@ -0,0 +1,58 @@
 _: {
  services = {
    hickory-dns = {
      enable = true;
      settings = {
        remote_resolvers = [
          {
            socket_addr = "1.1.1.1:853";
            protocol = "tls";
            tls_dns_name = "cloudflare-dns.com";
          }
          {
            socket_addr = "1.1.1.1:443";
            protocol = "https";
            tls_dns_name = "cloudflare-dns.com";
          }
          {
            socket_addr = "9.9.9.9:853";
            protocol = "tls";
            tls_dns_name = "dns.quad9.net";
          }
          {
            socket_addr = "9.9.9.9:443";
            protocol = "https";
            tls_dns_name = "dns.quad9.net";
          }
          {
            socket_addr = "8.8.8.8:853";
            protocol = "tls";
            tls_dns_name = "dns.google";
          }
          {
            socket_addr = "8.8.8.8:443";
            protocol = "https";
            tls_dns_name = "dns.google";
          }
        ];
        listen_addrs_http = [
          {
            socket_addr = "[::]:8053";
          }
        ];
        listen_addrs_tcp = [
          {
            socket_addr = "[::]:8853";
          }
        ];
      };
    };
  };
 }