c4b32c047a
* Add omarchy-setup-cloudflare-dns script Addresses issue #745 by providing user choice for DNS configuration. Features: - Makes Cloudflare DNS opt-in instead of forced default - Preserves local development environments with DHCP option - Includes custom DNS configuration support - Provides backup/restore functionality - Follows Omarchy naming conventions Fixes #745 * Address DHH feedback on DNS configuration script Changes based on maintainer review: - Rename script to omarchy-setup-dns (more generic name) - Remove /usr/local/bin installation (use PATH instead) - Add migration to reset automatic Cloudflare DNS to DHCP - Force DNS on physical interfaces only using systemd-networkd - Exclude docker/virtual interfaces from forced DNS Fixes local development environment issues while making Cloudflare DNS opt-in. * Use timestamped backups and remove restore function Follow Omarchy backup standards by using timestamped backup files instead of fixed names. Remove restore function since backups now have unpredictable names - users can manually restore if needed. This matches the pattern used in omarchy-refresh-config. * Add DNS over TLS support for enhanced security Enable opportunistic DNS over TLS when using Cloudflare DNS. This encrypts DNS queries when possible while falling back to regular DNS if TLS isn't available, providing security without breaking compatibility. Thanks to the suggestion in #696 for highlighting this improvement. * Add certificate validation for DNS over TLS The DNS servers now include their proper hostnames for certificate validation (cloudflare-dns.com and dns.google). This ensures we're actually talking to the real DNS servers when using encrypted DNS, not some imposter. Completes the implementation suggested in #696. * Prevent backup file accumulation Clean up old backup files before creating new ones to prevent the accumulation of .bak.* files over time. Keeps only the most recent backup while maintaining the timestamped naming pattern. This ensures the system doesn't get cluttered with countless backup files from repeated script runs. * Simplify DNS setup script per review feedback Reduced script complexity from 227 to 58 lines while maintaining core functionality. Removed unnecessary backup system and systemd-networkd configuration. Kept essential features: Cloudflare DNS with TLS, DHCP mode, and custom DNS option. Script now follows established Omarchy conventions for simplicity and size. * Allow setup from omarchy-menu * Integrate into Omarchy Menu * Align parameter --------- Co-authored-by: David Heinemeier Hansson <david@hey.com>
33 lines
1.3 KiB
Bash
Executable File
33 lines
1.3 KiB
Bash
Executable File
echo "Reset DNS configuration to DHCP (remove forced Cloudflare DNS)"
|
|
|
|
# Reset DNS to use DHCP by default instead of forcing Cloudflare
|
|
# This preserves local development environments (.local domains, etc.)
|
|
# Users can still opt-in to Cloudflare DNS using: omarchy-setup-dns cloudflare
|
|
|
|
if [ -f /etc/systemd/resolved.conf ]; then
|
|
# Backup current config with timestamp
|
|
backup_timestamp=$(date +"%Y%m%d%H%M%S")
|
|
sudo cp /etc/systemd/resolved.conf "/etc/systemd/resolved.conf.bak.${backup_timestamp}"
|
|
|
|
# Remove explicit DNS entries to use DHCP
|
|
sudo sed -i '/^DNS=/d' /etc/systemd/resolved.conf
|
|
sudo sed -i '/^FallbackDNS=/d' /etc/systemd/resolved.conf
|
|
|
|
# Add empty DNS entries to ensure DHCP is used
|
|
echo "DNS=" | sudo tee -a /etc/systemd/resolved.conf >/dev/null
|
|
echo "FallbackDNS=" | sudo tee -a /etc/systemd/resolved.conf >/dev/null
|
|
|
|
# Remove any forced DNS config from systemd-networkd
|
|
if [ -f /etc/systemd/network/99-omarchy-dns.network ]; then
|
|
sudo rm -f /etc/systemd/network/99-omarchy-dns.network
|
|
sudo systemctl restart systemd-networkd
|
|
fi
|
|
|
|
# Restart systemd-resolved to apply changes
|
|
sudo systemctl restart systemd-resolved
|
|
|
|
echo "DNS configuration reset to use DHCP (router DNS)"
|
|
echo "To use Cloudflare DNS, run: omarchy-setup-dns Cloudflare"
|
|
fi
|
|
|