mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-11-09 16:18:34 +01:00
b95b91c956
Renames the `dnscrypt-proxy2` module (back) to `dnscrypt-proxy`, to match the package, which was renamed in 2023. The systemd service is also renamed to `dnscrypt-proxy`, but an alias to `dnscrypt-proxy2` is provided for backwards compatibility.
39 lines
1.1 KiB
Nix
39 lines
1.1 KiB
Nix
{ lib, ... }:
|
|
let
|
|
localProxyPort = 43;
|
|
in
|
|
{
|
|
name = "dnscrypt-proxy";
|
|
meta.maintainers = with lib.maintainers; [ joachifm ];
|
|
|
|
nodes = {
|
|
# A client running the recommended setup: DNSCrypt proxy as a forwarder
|
|
# for a caching DNS client.
|
|
client =
|
|
{ ... }:
|
|
{
|
|
security.apparmor.enable = true;
|
|
|
|
services.dnscrypt-proxy.enable = true;
|
|
services.dnscrypt-proxy.settings = {
|
|
listen_addresses = [ "127.0.0.1:${toString localProxyPort}" ];
|
|
sources.public-resolvers = {
|
|
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
|
|
cache_file = "public-resolvers.md";
|
|
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
|
|
refresh_delay = 72;
|
|
};
|
|
};
|
|
|
|
services.dnsmasq.enable = true;
|
|
services.dnsmasq.settings.server = [ "127.0.0.1#${toString localProxyPort}" ];
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
client.wait_for_unit("dnsmasq")
|
|
client.wait_for_unit("dnscrypt-proxy")
|
|
client.wait_until_succeeds("ss --numeric --udp --listening | grep -q ${toString localProxyPort}")
|
|
'';
|
|
}
|