From 81897b76214d191340e2451278b0f2568757b9bf Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Thu, 14 Dec 2023 09:25:02 +0900
Subject: Use OpenNIC DNS over TLS

---
 guix/system.scm       | 22 ++++++++++++++++------
 nix/configuration.nix | 11 +----------
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/guix/system.scm b/guix/system.scm
index 5c4428e..724466c 100644
--- a/guix/system.scm
+++ b/guix/system.scm
@@ -1,6 +1,3 @@
-;; This is an operating system configuration generated
-;; by the graphical installer.
-
 (use-modules (gnu)
              (gnu system setuid))
 (use-service-modules avahi desktop dict dns networking nix sound ssh xorg)
@@ -47,6 +44,21 @@
            (service nftables-service-type
                     (nftables-configuration
                       (ruleset (local-file "./nftables.conf"))))
+           (service
+             smartdns-service-type
+             (smartdns-configuration
+               (servers-tls
+                 (map (lambda (address)
+                        (smartdns-server-configuration (ip address)))
+                      '("137.220.55.93" ;ns1.ca.dns.opennic.glue
+                        "51.254.162.59" ;ns9.de.dns.opennic.glue
+                        "217.160.70.42" ;ns13.de.dns.opennic.glue
+                        "178.254.22.166" ;ns16.de.dns.opennic.glue
+                        "81.169.136.222" ;ns18.de.dns.opennic.glue
+                        "94.16.114.254" ;ns28.de.dns.opennic.glue
+                        "194.36.144.87" ;ns29.de.dns.opennic.glue
+                        "185.181.61.24" ;ns1.no.dns.opennic.glue
+                        "168.235.111.72")))));ns2.ny.us.dns.opennic.glue
            (service static-networking-service-type
                     (list (static-networking
                             (addresses
@@ -57,9 +69,7 @@
                               (list (network-route
                                       (destination "default")
                                       (gateway "192.168.0.1"))))
-                            (name-servers
-                              '("147.182.243.49" ; ns4.ca.us
-                                "103.1.206.179"))))) ; ns2.au
+                            (name-servers '("localhost")))))
            (service avahi-service-type)
            (service udisks-service-type)
            (service elogind-service-type)
diff --git a/nix/configuration.nix b/nix/configuration.nix
index 284a588..4486354 100644
--- a/nix/configuration.nix
+++ b/nix/configuration.nix
@@ -153,24 +153,15 @@
 
     smartdns = {
       enable = true;
-      settings.server = [
-        "37.252.191.197" "2a00:63c1:10:197::2" # ns1.at
-        "103.1.206.179" "2400:c400:1002:11:fed:bee0:4433:6fb0" # ns2.au
-        "168.138.8.38" "2603:c023:c002:f4aa:a208:5df4:ee55:b70a" # ns4.au
-        "168.138.12.137" "2603:c023:c002:f4aa:9e63:198d:9c4:cced" # ns5.au
+      settings.server-tls = [
         "137.220.55.93" "2001:19f0:b001:379:5400:3ff:fe68:1cc6" # ns1.ca
-        "94.247.43.254" "2a00:f826:8:1::254" # ns7.de
-        "195.10.195.195" "2a00:f826:8:2::195" # ns8.de
         "51.254.162.59" "2001:41d0:303:3adf:205::" # ns9.de
         "217.160.70.42" "2001:8d8:1801:86e7::1" # ns13.de
         "178.254.22.166" "2a00:6800:3:4bd::1" # ns16.de
         "81.169.136.222" "2a01:238:4231:5200::1" # ns18.de
         "94.16.114.254" "2a03:4000:28:365::1" # ns28.de
         "194.36.144.87" "2a03:4000:4d:c92:88c0:96ff:fec6:b9d" # ns29.de
-        "195.10.195.195" "2a00:f826:8:2::195" # ns31.de
-        "94.247.43.254" "2a00:f826:8:1::254" # ns8.he.de
         "185.181.61.24" "2a03:94e0:1804::1" # ns1.no
-        "104.248.14.193" "2604:a880:800:10::92e:d001" # ns2.nj.us
         "168.235.111.72" "2604:180:f3::132" # ns2.ny.us
       ]; # dns.opennic.glue
     };
-- 
cgit 1.4.1