vulpes use dnsproxy

hosts/civet/networking.nix

@@ -28,10 +28,17 @@
     enable = true;
     ruleset = ''
       table ip nat {
-      	chain prerouting {
-      		type nat hook prerouting priority filter; policy accept;
-      		iifname "ens5" udp dport 40000-50000 counter packets 0 bytes 0 dnat to :4000
-      	}
+        chain prerouting {
+          type nat hook prerouting priority filter; policy accept;
+          iifname "ens5" udp dport 40000-50000 counter packets 0 bytes 0 dnat to :4000
+        }
+      }
+
+      table ip6 nat {
+        chain prerouting {
+          type nat hook prerouting priority filter; policy accept;
+          iifname "ens5" udp dport 40000-50000 counter packets 0 bytes 0 dnat to :4000
+        }
       }
     '';
   };

hosts/vulpes/services.nix

@@ -4,6 +4,31 @@
 
   tailscale.enable = true;
 
+  resolved.enable = false;
+  dnsproxy = {
+    enable = true;
+    flags = [
+      "--cache"
+      "--cache-optimistic"
+      "--edns"
+    ];
+    settings = {
+      bootstrap = [
+        "8.8.8.8"
+        "119.29.29.29"
+        "tcp://223.6.6.6:53"
+      ];
+      listen-addrs = [ "0.0.0.0" ];
+      listen-ports = [ 53 ];
+      upstream-mode = "parallel";
+      upstream = [
+        "https://1.1.1.1/dns-query"
+        "h3://dns.alidns.com/dns-query"
+        "tls://dot.pub"
+      ];
+    };
+  };
+
   nginx = {
     enable = true;
     virtualHosts."vulpes.ocfox.me" = {

hosts/whitefox/boot.nix

@@ -1,7 +1,8 @@
 { pkgs }:
 {
-  kernelPackages = pkgs.linuxPackages_cachyos;
+  # kernelPackages = pkgs.linuxPackages_cachyos;
   loader = {
+    timeout = 30;
     grub = {
       enable = true;
       device = "nodev";

hosts/whitefox/default.nix

@@ -14,7 +14,7 @@
     inputs.niri.overlays.niri
   ];
 
-  chaotic.scx.enable = true;
+  # chaotic.scx.enable = true;
 
   xdg = {
     mime = {