| NixOS Networking | 906 Members |
| Declaratively manage your switching, routing, wireless, tunneling and more. | 263 Servers |
| Sender | Message | Time |
|---|---|---|
| 22 Dec 2025 | ||
| They don't manage resolv.conf because resolv.conf is not sufficient to express the logic they implement | 16:06:10 | |
| got it | 16:11:56 | |
| so they run in the background? | 16:12:06 | |
| Yes | 16:12:10 | |
| There's a daemon running in the background | 16:12:16 | |
| now NixOS-specific: why does the Resolved module set the NetworkManager resolver, but Dnsmasq doesn't? | 17:01:52 | |
| Because dnsmasq is weird and NM runs its own | 17:04:27 | |
| 24 Dec 2025 | ||
| Thinking I might use unbound since it's easier to configure, and then set up a service that periodically pulls adblock lists and adds them as a blacklist. dnscrypt seems like the technically better solution since it's UDP based, but DoT seems more widely supported | 04:59:23 | |
| dnscrypt-proxy2 can itself do blocking IIRC | 05:07:48 | |
| I don't want blocking as a feature. I have ublock everywhere and don't run much proprietary software | 08:36:49 | |
| At the moment, I have a very simple firewall rule for my router to ensure traffic between private and guest networks doesn't ever interfere. The configuration for that is here. Additionally, I have a helper function of sorts to create wireguard interfaces. Given I'm very new to firewall rules and routing, I'm not sure how to ensure that all traffic from the private network is routed via the wireguard interface but the guest network's traffic exits without ever touching the wireguard interface. Let's call it I believe that this setup will require the following additional rules to the
And also require a new
This is what I have come up with so far. Is there anything else that I'm missing, or doing wrong? | 08:57:37 | |
| * At the moment, I have a very simple firewall rule for my router to ensure traffic between private and guest networks doesn't ever interfere. The configuration for that is here. Additionally, I have a helper function of sorts to create wireguard interfaces. Given I'm very new to firewall rules and routing, I'm not sure how to ensure that all traffic from the private network is routed via the wireguard interface but the guest network's traffic exits without ever touching the wireguard interface. Let's call it I believe that this setup will require the following additional rules to the
And also require a new
This is what I have come up with so far. Is there anything else that I'm missing, or doing wrong? (edit: switched git reference from master to a specific commit) | 09:02:24 | |
| does systemd-resolved support secret configs? judging by man resolved.conf, it only accepts entries from systemd/resolved.conf[.d/*.conf] | 16:46:31 | |
| You might be able to use agenix | 16:52:57 | |
| i already use sops-nix, how would it be different? | 16:54:13 | |
| It shouldn't be that different | 16:56:29 | |
| but does resolved support configs from outside /etc/systemd? | 16:56:52 | |
| I don't know. But if you're trying to specify a secrets file in a unit you can use extraConfig | 16:59:05 | |
| Sops also supports installing secrets to any location. Not just /run/secrets | 16:59:36 | |
| ah, TIL | 17:00:36 | |
| on a semi-related note, I want to use NextDNS without its client, which option of the listed ones (Resolved, Dnsmasq, Stubby, DNScrypt, Kresd, Cloudflared, Unbound) is the most convenient/fitting for a laptop-only setup? | 17:27:17 | |
| * on a semi-related note, I want to use NextDNS without its client, which option of the listed ones (Resolved, Dnsmasq, Stubby, DNScrypt, Kresd, Cloudflared, Unbound) is the most convenient/fitting for a laptop-only setup, with or without considering NixOS? | 17:28:44 | |
| resolved is definitely the least work | 17:33:35 | |
| and already integrates with NetworkManager | 17:34:25 | |
| (but so does Dnsmasq 🤔 ) | 17:34:40 | |
| ight, the resolved config works well, only one moment: why are some queries detected both from my laptop (DNS-over-TLS + custom ID) and from my router (plain IP)? | 20:34:50 | |