5 networkmanager.dns = mkForce "none";
6 nameservers = [ "127.0.0.1" "::1" ];
7 #resolvconf.enable = lib.mkForce false;
8 resolvconf.useLocalResolver = true;
9 dhcpcd.extraConfig = "nohook resolv.conf";
12 # Create a user for matching egress on it in the firewall
13 systemd.services.dnscrypt-proxy2.serviceConfig.User = "dnscrypt-proxy2";
14 users.users.dnscrypt-proxy2 = {
16 group = "dnscrypt-proxy2";
18 users.groups.dnscrypt-proxy2 = { };
19 services.dnscrypt-proxy2 = {
21 # https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
22 upstreamDefaults = true;
25 disabled_server_names = [
28 dnscrypt_servers = true;
30 fallback_resolvers = [
35 ignore_system_dns = true;
39 #proxy = "socks5://127.0.0.1:9050";
41 netprobe_timeout = 60;
47 require_dnssec = true;
48 require_nofilter = true;
50 sources.public-resolvers = {
52 "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
53 "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
55 cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
56 minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";