path: root/profiles/network.nix
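# Network profile: default-deny inbound firewall, NetworkManager for link
# management, and a local dnscrypt-proxy instance as the only system resolver.
{ pkgs, lib, config, inputs, ... }:

{
  imports = [];
  config = {
    networking = {
      firewall = {
        enable = true;
        # ICMP echo requests are not answered.
        allowPing = false;
        # This profile opens no inbound TCP ports; other modules may still
        # append to this list, so audit the merged value on the built system.
        allowedTCPPorts = [];
        # "loose" accepts a packet when its source is reachable through any
        # interface, not only the one it arrived on. This is weaker
        # anti-spoofing than strict reverse-path filtering.
        # NOTE(review): presumably needed for the overlay addresses listed in
        # extraHosts below; confirm it is still required.
        checkReversePath = "loose";
      };

      networkmanager = {
        enable = true;
        # NetworkManager must not rewrite resolv.conf with resolvers learned
        # from DHCP, otherwise lookups would bypass the local encrypted proxy.
        dns = "none";
      };
      # The global DHCP client is disabled here.
      # NOTE(review): presumably NetworkManager does address configuration; confirm.
      useDHCP = false;
      # All system lookups go to the local dnscrypt-proxy (IPv4 and IPv6 loopback).
      nameservers = ["127.0.0.1" "::1"];

      # Static name-to-address entries. The addresses are in 100.64.0.0/10
      # (RFC 6598 shared address space).
      # NOTE(review): looks like an overlay/VPN address plan; confirm. These
      # names bypass DNS entirely, so they are only as trustworthy as the
      # assignment of these addresses to the intended hosts.
      extraHosts = 
        ''
          100.99.246.128 pc
          100.105.242.70 phone
          100.109.155.123 vm
        '';
    };

    services.dnscrypt-proxy2 = {
      enable = true;
      settings = {
        ipv6_servers = true;
        # Server-selection filter: only resolvers that advertise DNSSEC support
        # are used. Validation is done by the upstream resolver, not locally.
        require_dnssec = true;

        sources.public-resolvers = {
          # Two mirrors of the same signed resolver list.
          urls = [
            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
          ];
          # Must live under the StateDirectory declared below (systemd maps
          # "dnscrypt-proxy" to /var/lib/dnscrypt-proxy). A path outside it is
          # not created for the service and would likely not be writable, so
          # the list could not be cached across restarts.
          cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
          # Public minisign key used to verify the downloaded list before it is
          # trusted. It is not a secret; when copying this config, compare it
          # with the key published by the DNSCrypt project.
          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
        };

        # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
        # Without server_names, any resolver from the list that passes the
        # filters above may receive queries; pin names (and consider setting
        # require_nolog / require_nofilter explicitly) to narrow that set.
        # server_names = [ ... ];
      };
    };

    # systemd creates /var/lib/dnscrypt-proxy for the service; cache_file above
    # must stay inside it.
    systemd.services.dnscrypt-proxy2.serviceConfig = {
      StateDirectory = "dnscrypt-proxy";
    };
  };
}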