Diffstat (limited to 'modules')
-rw-r--r--modules/services/dns.nix39
1 files changed, 24 insertions, 15 deletions
diff --git a/modules/services/dns.nix b/modules/services/dns.nix
index 856ddaa..53347ad 100644
--- a/modules/services/dns.nix
+++ b/modules/services/dns.nix
@@ -36,8 +36,24 @@
flake.modules.darwin.dns =
{ pkgs, lib, ... }:
+ let
+ dnscryptToml = pkgs.writeText "dnscrypt-proxy.toml" ''
+ listen_addresses = ['127.0.0.1:53']
+ # The exact names of the servers as defined in the public-resolvers list
+ server_names = ['mullvad-doh', 'quad9-doh-ip4-filter-pri']
+
+ [sources]
+ [sources.'public-resolvers']
+ urls = [
+ 'https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md',
+ 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'
+ ]
+ cache_file = '/var/tmp/public-resolvers.md'
+ minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+ '';
+ in
{
- environment.systemPackages = [ pkgs.cloudflared ];
+ environment.systemPackages = [ pkgs.dnscrypt-proxy ];
networking = {
dns = [ "127.0.0.1" ];
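Review bot: `cache_file = '/var/tmp/public-resolvers.md'` puts the resolver-list cache under a fixed name in a world-writable directory, while the daemon that writes it is started by launchd and, as far as this diff shows, runs as root. The pinned `minisign_key` protects the contents of the list, but not the file operations themselves: any local account can pre-create or swap entries at that path. I would point the cache at a directory that only the service account can write, e.g. `cache_file = '<root-owned-dir>/public-resolvers.md'`, and make sure that directory exists before the daemon starts. The module body opened here continues past the end of this hunk.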
@@ -47,25 +63,18 @@
];
};
- launchd.daemons.cloudflared-dns = {
+ launchd.daemons.dnscrypt-proxy = {
serviceConfig = {
- Label = "com.cloudflare.cloudflared-dns";
+ Label = "com.dnscrypt.proxy";
ProgramArguments = [
- "${pkgs.cloudflared}/bin/cloudflared"
- "proxy-dns"
- "--upstream"
- "https://dns.mullvad.net/dns-query"
- "--upstream"
- "https://dns.quad9.net/dns-query"
- "--port"
- "53"
- "--address"
- "127.0.0.1"
+ "${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy"
+ "-config"
+ "${dnscryptToml}"
];
RunAtLoad = true;
KeepAlive = true;
- StandardOutPath = "/var/log/cloudflared-dns.log";
- StandardErrorPath = "/var/log/cloudflared-dns.log";
+ StandardOutPath = "/var/log/dnscrypt-proxy.log";
+ StandardErrorPath = "/var/log/dnscrypt-proxy.log";
};
};
};
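Review bot: `serviceConfig` sets no `UserName`, so launchd will presumably run dnscrypt-proxy as root for its whole lifetime, although elevated rights are only needed to bind `127.0.0.1:53`. dnscrypt-proxy has a `user_name` setting that switches to another account once the listening sockets exist; adding `user_name = '<unprivileged-account>'` to the generated TOML would limit what a parser bug in the resolver can reach. If you do that, the cache file location must be writable by that account. A short comment above `ProgramArguments` saying that the config is an immutable store path, and so cannot be edited in place on the host, would also help the next reader.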