NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

nextDNS activate #225634

Open bashfulrobot opened 1 year ago

bashfulrobot commented 1 year ago

Issue description

I suspect there might be more configuration to use the nextdns package. Currently you need to run sudo nextdns activate on boot for it to work.

Steps to reproduce

services.nextdns = {
  enable = true;
  arguments = [ "-profile" "xxxxxx" "-cache-size" "10MB" ];
};

So I suspect it may need to be added to the docs with the recommended method.

Thank you.

Technical details

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.


 - system: `"x86_64-linux"`
 - host os: `Linux 6.1.20, NixOS, 23.05 (Stoat), 23.05.20230321.19cf008`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.13.3`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

@pnelson

bashfulrobot commented 1 year ago

For the sake of completeness, I just run the command via systemd at boot.

systemd.services.nextdns-activate = {
  script = ''
    /run/current-system/sw/bin/nextdns activate
  '';
  after = [ "nextdns.service" ];
  wantedBy = [ "multi-user.target" ];
};

It has solved the issue for me (so far).

paulsmith commented 9 months ago

I'd also be interested in making this a better experience. On macOS, nix-darwin has it defined as a service, but it simply installs the nextdns binary and creates a launchctl config; it doesn't run the nextdns install step or activate the service.

pnelson commented 9 months ago

Things changed some time ago, and since I was busy I just followed the NextDNS "Setup Guide" instructions to go through systemd-resolved instead of the CLI, which was at one time the recommended setup and what led to the current implementation of services.nextdns.

Here's what I use now, instead of services.nextdns:

  services.resolved = {
    enable = true;
    extraConfig = ''
      [Resolve]
      DNS=45.90.28.0#xxxxxx.dns.nextdns.io
      DNS=2a07:a8c0::#xxxxxx.dns.nextdns.io
      DNS=45.90.30.0#xxxxxx.dns.nextdns.io
      DNS=2a07:a8c1::#xxxxxx.dns.nextdns.io
      DNSOverTLS=yes
    '';
  };

NextDNS now recommends (blue badge) using systemd-resolved under the setup guide for Linux, so maybe we could simplify this by simply taking a profile identifier to configure as above.

onnyyonn commented 4 days ago

Based on @pnelson's suggestion, I have the following in nextdns.nix:

{ config, lib, ... }:

let
  cfg = config.services.myNextDNS;
in {
  options.services.myNextDNS = {
    enable = lib.mkEnableOption "Custom NextDNS configuration";

    nextdnsId = lib.mkOption {
      type = lib.types.str;
      description = "NextDNS configuration ID";
    };
  };

  config = lib.mkIf cfg.enable {
    services.resolved = {
      enable = true;
      extraConfig = ''
        [Resolve]
        DNS=45.90.28.0#${cfg.nextdnsId}.dns.nextdns.io
        DNS=2a07:a8c0::#${cfg.nextdnsId}.dns.nextdns.io
        DNS=45.90.30.0#${cfg.nextdnsId}.dns.nextdns.io
        DNS=2a07:a8c1::#${cfg.nextdnsId}.dns.nextdns.io
        DNSOverTLS=yes
      '';
    };
  };
}

It can be imported in your configuration with:

{ config, pkgs, ... }:

{
  imports = [
    ./nextdns.nix
  ];

  services.myNextDNS = {
    enable = true;
    nextdnsId = "xxxxxx"; # Replace with your actual NextDNS ID
  };
}

The ID should be treated as a secret, though. That part needs to be changed according to the secret management method you are using.
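The two systemd-resolved configurations in this thread (the `services.resolved.extraConfig` snippet and the `services.myNextDNS` module) both end up in `/etc/systemd/resolved.conf`, which NixOS links into the world-readable store, and neither gives you a way to confirm that the host is actually using strict DNS-over-TLS afterwards. The script below is an added example written for this page; it is not code from the nixpkgs thread, from nixpkgs itself, or from NextDNS. It renders the same four-endpoint `[Resolve]` drop-in from a profile ID read out of a root-only file at runtime, rejecting IDs that are not a plain alphanumeric token so a bad secret cannot add keys to the generated file, and it checks `resolvectl status` output for strict DoT, a NextDNS upstream carrying that ID, and stub-mode `/etc/resolv.conf`. Assumptions, all labelled in the code: the secret path (`/run/secrets/nextdns-id`), the drop-in path (`/run/systemd/resolved.conf.d/nextdns.conf`, which systemd reads alongside `/etc/systemd/resolved.conf`), the alphanumeric ID format, and the `resolvectl status` layout used in the constructed samples.

```shell
#!/usr/bin/env bash
# Added example, not code from the nixpkgs thread or the nextdns project.
# Two helpers for the systemd-resolved setup discussed above:
#  1. render_nextdns_dropin: build the [Resolve] drop-in from a profile ID
#     kept in a root-only file instead of the world-readable Nix store.
#  2. check_resolved_status: confirm, from `resolvectl status` output, that
#     the host really resolves through strict DNS-over-TLS to NextDNS.
set -eu

# Same four NextDNS endpoints the thread's configurations use.
NEXTDNS_ENDPOINTS='45.90.28.0 2a07:a8c0:: 45.90.30.0 2a07:a8c1::'

# render_nextdns_dropin ID_FILE OUT_FILE
# ID_FILE is assumed to be provisioned by a secrets tool (e.g. /run/secrets/nextdns-id).
# OUT_FILE would normally be /run/systemd/resolved.conf.d/nextdns.conf, written
# by a unit ordered before systemd-resolved.service; any path works here.
render_nextdns_dropin() {
  id_file=$1; out_file=$2
  id=$(tr -d '[:space:]' < "$id_file")
  # Assumption: a profile ID is a short alphanumeric token. Rejecting anything
  # else means a corrupted or tampered secret cannot inject extra [Resolve]
  # keys (for instance a DNSOverTLS=no line) into the file we generate.
  case $id in
    '' | *[!0-9a-zA-Z]*) echo "render_nextdns_dropin: invalid profile ID" >&2; return 1 ;;
  esac
  # umask inside a subshell so only this file becomes root-only (mode 0600).
  (
    umask 077
    {
      echo '[Resolve]'
      for ep in $NEXTDNS_ENDPOINTS; do
        # "#name" after the address is the TLS name resolved verifies the
        # upstream certificate against, and it carries the profile ID to NextDNS.
        echo "DNS=${ep}#${id}.dns.nextdns.io"
      done
      # "yes" is strict mode; "opportunistic" would silently fall back to
      # plaintext DNS when TLS to the upstream fails.
      echo 'DNSOverTLS=yes'
    } > "$out_file"
  )
}

# check_resolved_status STATUS_TEXT ID
# STATUS_TEXT is the output of `resolvectl status` (pass "$(resolvectl status)").
# Returns 0 only when DoT is enabled, the active upstream is a NextDNS server
# for ID, and /etc/resolv.conf is in stub mode so applications cannot bypass it.
check_resolved_status() {
  status=$1; id=$2
  printf '%s\n' "$status" | grep -q '^ *Protocols:.*+DNSOverTLS' || return 1
  printf '%s\n' "$status" | grep -q "^ *Current DNS Server: .*#${id}\.dns\.nextdns\.io$" || return 1
  printf '%s\n' "$status" | grep -q '^ *resolv.conf mode: stub' || return 1
}

# Constructed samples approximating the layout of `resolvectl status` on a
# recent systemd; not captured from a real host.
SAMPLE_STATUS_OK='Global
       Protocols: -LLMNR -mDNS +DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 45.90.28.0#abc123.dns.nextdns.io
       DNS Servers: 45.90.28.0#abc123.dns.nextdns.io 2a07:a8c0::#abc123.dns.nextdns.io'

SAMPLE_STATUS_PLAIN='Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub
Current DNS Server: 192.0.2.1
       DNS Servers: 192.0.2.1'

# Stand-alone demo: render into a temp dir and evaluate both samples.
tmp=$(mktemp -d)
printf 'abc123\n' > "$tmp/nextdns-id"        # constructed placeholder ID
render_nextdns_dropin "$tmp/nextdns-id" "$tmp/nextdns.conf"
cat "$tmp/nextdns.conf"
check_resolved_status "$SAMPLE_STATUS_OK" abc123 && echo "sample OK: strict DoT to NextDNS"
check_resolved_status "$SAMPLE_STATUS_PLAIN" abc123 || echo "sample PLAIN: not using DoT"
rm -r "$tmp"
```

On a real host you would run `check_resolved_status "$(resolvectl status)" "$id"` after a rebuild; the stub-mode check matters because a `/etc/resolv.conf` that lists upstream servers directly lets applications that read it themselves skip resolved and therefore skip DoT entirely.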