summary refs log tree commit diff
path: root/profiles/network.nix
diff options
context:
space:
mode:
Diffstat (limited to 'profiles/network.nix')
-rw-r--r--profiles/network.nix24
1 files changed, 24 insertions, 0 deletions
diff --git a/profiles/network.nix b/profiles/network.nix
index 5aee7a1..8e6a83d 100644
--- a/profiles/network.nix
+++ b/profiles/network.nix
@@ -15,5 +15,29 @@
       nameservers = ["127.0.0.1" "::1"];
       networkmanager.dns = "none";
     };
+
+    services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+
+      # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+      # server_names = [ ... ];
+    };
+    };
+
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy";
+    };
   };
 }
\ No newline at end of file
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-19 23:57:54 +0000