646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
39 lines
1.1 KiB
Nix
39 lines
1.1 KiB
Nix
{ lib, ... }:
|
|
let
|
|
localProxyPort = 43;
|
|
in
|
|
{
|
|
name = "dnscrypt-proxy";
|
|
meta.maintainers = with lib.maintainers; [ joachifm ];
|
|
|
|
nodes = {
|
|
# A client running the recommended setup: DNSCrypt proxy as a forwarder
|
|
# for a caching DNS client.
|
|
client =
|
|
{ ... }:
|
|
{
|
|
security.apparmor.enable = true;
|
|
|
|
services.dnscrypt-proxy.enable = true;
|
|
services.dnscrypt-proxy.settings = {
|
|
listen_addresses = [ "127.0.0.1:${toString localProxyPort}" ];
|
|
sources.public-resolvers = {
|
|
urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ];
|
|
cache_file = "public-resolvers.md";
|
|
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
|
|
refresh_delay = 72;
|
|
};
|
|
};
|
|
|
|
services.dnsmasq.enable = true;
|
|
services.dnsmasq.settings.server = [ "127.0.0.1#${toString localProxyPort}" ];
|
|
};
|
|
};
|
|
|
|
testScript = ''
|
|
client.wait_for_unit("dnsmasq")
|
|
client.wait_for_unit("dnscrypt-proxy")
|
|
client.wait_until_succeeds("ss --numeric --udp --listening | grep -q ${toString localProxyPort}")
|
|
'';
|
|
}
|