MirageOS

Whether to enable dnsvizor.

The main network interface of the host.

Memory limit of the unikernel in MB.

Whether to enable opening ports in the firewall for dnsvizor.

The dnsvizor (hvt target) package to use. We assume dnsvizor.hvt exists at the root dir of the package.

Whether efforts have been taken to make sure packet forwarding is secure.

Configuration for the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

The seed (base64 encoded) used to generate the private key for the certificate. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

::: {.warning} This secret will be copied into the nix store in clear text. :::

Domains to block. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Web addresses to fetch DNS block lists from. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Upstream DNS resolver. By default, it runs as a recursive DNS resolver. If this is specified, it runs as a stub DNS resolver instead. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Show help instead of running the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

The hostname (SNI for the certificate, entry in DNS) of the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

The HTTPS port. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

IPv4 network address and prefix length for the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

IPv4 gateway of the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Only use IPv4 for the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

IPv6 network address and prefix length for the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

IPv6 gateway of the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Only use IPv6 for the unikernel. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Don't read the synthesized /etc/hosts which contains only {option}services.dnsvizor.hostname. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Disable TLS: web interface and DNS-over-TLS/DNS-over-HTTPS. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Use opportunistic TLS from recursive resolver to authoriative (RFC 9539). See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

Password used for authentication. See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.

::: {.tip} The space character needs to be escaped with \\. :::

::: {.warning} This secret will be copied into the nix store in clear text. :::

Use qname minimisation (RFC 9156). See upstream online documentation for more information. Setting {option}services.dnsvizor.settings.help shows the help message locally at runtime.