Git — Sourcephile - julm/julm-nix.git/blob - nixos/profiles/dnscrypt-proxy2.nix
nix: revamp settings in nixos/profiles
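# NixOS profile: send all of the host's DNS lookups through a local
# dnscrypt-proxy2 instance and keep other components (NetworkManager, dhcpcd)
# from rewriting the resolver configuration behind its back.
{ config, pkgs, lib, ... }:
{
  networking = {
    # NetworkManager must not manage resolv.conf, otherwise resolvers pushed by
    # the network would replace the local proxy.
    networkmanager.dns = "none";
    # Only the loopback addresses are configured as resolvers.
    nameservers = [ "127.0.0.1" "::1" ];
    #resolvconf.enable = lib.mkForce false;
    resolvconf.useLocalResolver = true;
    # Skip dhcpcd's resolv.conf hook so DHCP-supplied DNS servers are ignored.
    dhcpcd.extraConfig = "nohook resolv.conf";
  };

  # The query log below is written to /dev/stdout; route the unit's stdout to
  # the journal. The key must be spelled exactly "StandardOutput": systemd
  # ignores unknown keys in a unit section, so a misspelling has no effect.
  systemd.services.dnscrypt-proxy2.serviceConfig.StandardOutput = "journal";

  services.dnscrypt-proxy2 = {
    enable = true;
    # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
    # FIXME: uncomment when updating to 21.05
    #upstreamDefaults = true;
    settings = {
      cache = true;
      disabled_server_names = [
        "cloudflare"
      ];
      dnscrypt_servers = true;
      doh_servers = true;
      # Plain DNS on port 53: these lookups are NOT encrypted. With
      # ignore_system_dns = true they are what the proxy uses to resolve the
      # hostnames it needs before an encrypted resolver is available (the
      # resolver-list URLs below, DoH server names). They are not subject to
      # require_nolog / require_dnssec / require_nofilter.
      # NOTE(review): newer upstream releases name this option
      # bootstrap_resolvers; check when updating.
      fallback_resolvers = [
        "9.9.9.9:53" # Quad9
        "8.8.8.8:53" # Google
      ];
      force_tcp = false;
      ignore_system_dns = true;
      ipv4_servers = true;
      ipv6_servers = true;
      log_level = 2;
      # If this SOCKS proxy is enabled (9050 is Tor's default SOCKS port),
      # force_tcp above has to be switched to true as well: Tor does not carry UDP.
      #proxy = "socks5://127.0.0.1:9050";
      max_clients = 250;
      netprobe_timeout = 60;
      # Every query is recorded (ignored_qtypes is empty) and ends up in the
      # journal via stdout. That log is a full record of the names this host
      # resolves, so journal read access and retention should be scoped
      # accordingly.
      query_log = {
        file = "/dev/stdout";
        format = "tsv";
        ignored_qtypes = [];
      };
      # The three require_* options filter which resolvers from the list may be
      # used, based on the properties the list declares for each server.
      # require_dnssec selects resolvers that support DNSSEC; it does not make
      # the proxy validate signatures itself.
      require_dnssec = true;
      require_nofilter = true;
      require_nolog = true;
      sources.public-resolvers = {
        # Two mirrors of the same signed resolver list.
        urls = [
          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
        ];
        cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
        # Public key used to verify the minisign signature of the downloaded
        # list; it is the trust anchor for the resolver set, so it must only
        # ever be changed to a value obtained from the upstream project.
        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
      };
      timeout = 5000;
      # The proxy's own application log goes to syslog (the query log above is
      # configured separately).
      use_syslog = true;
    };
  };
}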