configure systemd-resolved with DoTHEAD master

Disable networkmanager from writing `/etc/resolv.conf` and use configured DNS servers with DNS over TLS. Prune down list of nameservers as Level3 and OpenDNS do not currently support DoT. Signed-off-by: Kenny Ballou <kb@devnulllabs.io>
author: Kenny Ballou <kb@devnulllabs.io> 2021-07-23 11:36:49 -0600
committer: Kenny Ballou <kb@devnulllabs.io> 2021-07-23 11:39:30 -0600
commit: 5a26ebf03cb3a3a2f16b2dc182c65424554870ba (patch)
tree: 7380a712fa7ebe339916ad7029e3b64e6c16e97e /eligos
parent: 1f00d242d279e650edc5309bf0d3874b3534570b (diff)
download: cfg.nix-master.tar.gz
cfg.nix-master.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/eligos/nftables-rules.nft b/eligos/nftables-rules.nft
index c26071e..d051a6d 100644
--- a/eligos/nftables-rules.nft
+++ b/eligos/nftables-rules.nft
@@ -39,6 +39,8 @@ table inet filter {
         iif lo oif lo counter accept
         ip saddr 127.0.0.1 ip daddr 127.0.0.1/8 counter accept
         udp dport domain counter accept
+        tcp dport domain-s counter accept
+        udp dport domain-s counter accept
         tcp dport http counter accept
         tcp dport https counter accept
         tcp dport ssh counter accept
author	Kenny Ballou <kb@devnulllabs.io>	2021-07-23 11:36:49 -0600
committer	Kenny Ballou <kb@devnulllabs.io>	2021-07-23 11:39:30 -0600
commit	5a26ebf03cb3a3a2f16b2dc182c65424554870ba (patch)
tree	7380a712fa7ebe339916ad7029e3b64e6c16e97e /eligos
parent	1f00d242d279e650edc5309bf0d3874b3534570b (diff)
download	cfg.nix-master.tar.gz cfg.nix-master.tar.xz