# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
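# NixOS module: run dnscrypt-proxy2 as a DNSSEC-requiring encrypted resolver
# for the network.  The forwarding-rules file comes from a sops secret; this
# host's own resolv.conf is pinned to an upstream resolver so the machine
# still has DNS if the dnscrypt service fails.
{ inputs, outputs, pkgs, config, ... }:
let
  # Single source of truth for the sops secret name; the original repeated
  # the literal in four places, which is easy to desynchronise on rename.
  secretName = "system/networking/dnscrypt-proxy2/forwarding-rules";
  forwardingRules = config.sops.secrets.${secretName};
in
{
  # Disable resolved so it does not rewrite /etc/resolv.conf.
  config.services.resolved.enable = false;

  # Pin this device's own resolv.conf to the upstream resolver; otherwise
  # resolved would point it at dnscrypt and a service failure would leave
  # the host with no DNS at all.
  config.networking = {
    nameservers = [ "10.8.10.1" ]; # TODO make variable IP
    # Keep dhcpcd from overwriting resolv.conf with DHCP-supplied servers.
    dhcpcd.extraConfig = "nohook resolv.conf";
  };

  # Secret holding the forwarding-rules file consumed by dnscrypt-proxy2.
  config.sops.secrets.${secretName} = {
    sopsFile = ./dnscrypt-proxy2.sops.yaml;
    # World-readable so the dnscrypt-proxy2 service account can read it
    # whichever user the unit runs as.  Per the original note the file holds
    # nothing security related; it does still describe internal
    # domain-to-resolver mappings, which is why the repo copy stays
    # sops-encrypted.
    mode = "0444";
    # Restart dnscrypt whenever the secret changes.
    restartUnits = [ "dnscrypt-proxy2" ];
  };

  config.services.dnscrypt-proxy2 = {
    enable = true;
    settings = {
      require_dnssec = true;
      forwarding_rules = forwardingRules.path;
      # Binds on every interface.  NOTE(review): confirm port 53 is
      # firewalled to the LAN; otherwise this is reachable as an open
      # resolver from any network the host is attached to.
      listen_addresses = [ "0.0.0.0:53" ];
      server_names = [ "NextDNS" ];
      static = {
        "NextDNS" = {
          stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
        };
      };
    };
  };
}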