diff options
| author | Dmitry Ilvokhin <d@ilvokhin.com> | 2025-08-24 13:31:38 +0100 |
|---|---|---|
| committer | Dmitry Ilvokhin <d@ilvokhin.com> | 2025-08-24 13:31:38 +0100 |
| commit | 7d113fcddd341f1e4b04ceb2785087d50b8e1556 (patch) | |
| tree | a8f8e8c288c13badf9eb061bbc67c899916bc6a3 /misc/dotfiles/wireguard/onion-dns-up.sh | |
| parent | 461b380f51b6aca3113f581378846e4902bea6fe (diff) | |
| download | infra-7d113fcddd341f1e4b04ceb2785087d50b8e1556.tar.gz infra-7d113fcddd341f1e4b04ceb2785087d50b8e1556.tar.bz2 infra-7d113fcddd341f1e4b04ceb2785087d50b8e1556.zip | |
This is a simple role that works only for one host. There are multiple
complications that I should keep in mind in the future.
* There is should be a way to install dotfiles on boxes without GPG key
there. So, files with secrets in them should be gated.
* Wireguard configuration should be per host. Each host should have it
is own private key.
Diffstat (limited to 'misc/dotfiles/wireguard/onion-dns-up.sh')
| -rwxr-xr-x | misc/dotfiles/wireguard/onion-dns-up.sh | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/misc/dotfiles/wireguard/onion-dns-up.sh b/misc/dotfiles/wireguard/onion-dns-up.sh new file mode 100755 index 0000000..d8f69b9 --- /dev/null +++ b/misc/dotfiles/wireguard/onion-dns-up.sh @@ -0,0 +1,18 @@ +#! /usr/bin/env sh + +# macOS as usual has it is own way to do DNS. Even when we set DNS in +# WireGuard config, onion addresses will not be resolved anyway. Moreover, +# nslookup (and probably other standard cli utilities will work properly), but +# Firefox at the same time will not. +# The only workaround I found it to set `SupplementalMatchDomains` manually +# with `scutil`. This trick worked for OpenVPN for long time as well. + +iface=$1 +dns=$2 + +scutil <<EOF +d.init +d.add ServerAddresses * $dns +d.add SupplementalMatchDomains * onion +set State:/Network/Service/$iface/DNS +EOF |