From adf2ef6f4e423d58485f4b75c803aa398e895a70 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sun, 12 Apr 2026 20:52:12 +0200
Subject: [PATCH] nixos: services: wireguard: remove internal DNS

For some reason `unbound` stopped working reliably recently. I can't be bothered to debug DNS issues, so let's remove it, it's only marginally useful anyways.
---
 modules/nixos/services/wireguard/default.nix | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/modules/nixos/services/wireguard/default.nix b/modules/nixos/services/wireguard/default.nix
index 840ac33..9d5994c 100644
--- a/modules/nixos/services/wireguard/default.nix
+++ b/modules/nixos/services/wireguard/default.nix
@@ -81,19 +81,7 @@ let
 lib.mapAttrsToList mkPeer otherPeers;
 # Set up clients to use configured DNS servers
- dns =
- let
- toInternalIps = peer: [
- "${cfg.net.v4.subnet}.${toString peer.clientNum}"
- "${cfg.net.v6.subnet}::${toString peer.clientNum}"
- ];
- # We know that `otherPeers` is an attribute set of servers
- internalIps = lib.flatten
- (lib.mapAttrsToList (_: peer: toInternalIps peer) otherPeers);
- internalServers = lib.optionals cfg.dns.useInternal internalIps;
- in
- lib.mkIf (!thisPeerIsServer)
- (internalServers ++ cfg.dns.additionalServers);
+ dns = cfg.dns.additionalServers;
 };
 in
 {
@@ -122,10 +110,6 @@ in
 };
 dns = {
- useInternal = my.mkDisableOption ''
- Use internal DNS servers from wireguard 'server'
- '';
-
 additionalServers = mkOption {
 type = with types; listOf str;
 default = [
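Review bot: The replacement `dns = cfg.dns.additionalServers;` in the first hunk also drops the `lib.mkIf (!thisPeerIsServer)` guard, so the server peer now receives a DNS list as well, although the comment directly above still says the setting is for clients. If this attribute feeds the interface's resolver configuration (its consumer is outside the hunk), bringing the tunnel up on the server would repoint the server's own name resolution at those addresses; keeping the guard avoids that: `dns = lib.mkIf (!thisPeerIsServer) cfg.dns.additionalServers;`. The diff only removes the client-side reference to the internal resolver, so it is worth confirming separately that the `unbound` instance itself is no longer enabled or listening on the tunnel addresses, since an unused resolver is needless exposed surface. The enclosing `let` binding starts and ends outside the hunk.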