From 088b50dcb835276bd93d659d31d9060fe3671e67 Mon Sep 17 00:00:00 2001 From: Ahmad Ansori Palembani Date: Thu, 1 May 2025 16:37:19 +0700 Subject: [PATCH] feat(nix): DNSCrypt module It's only available in master branch at the moment --- nix/modules/darwin/dnscrypt.nix | 36 +++++++++++++++++++++++++++++++++ nix/systems/darwin/default.nix | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 nix/modules/darwin/dnscrypt.nix diff --git a/nix/modules/darwin/dnscrypt.nix b/nix/modules/darwin/dnscrypt.nix new file mode 100644 index 0000000..545726c --- /dev/null +++ b/nix/modules/darwin/dnscrypt.nix @@ -0,0 +1,36 @@ +{ pkgs, ... }: + +{ + services.dnscrypt-proxy = { + enable = true; + + settings = { + server_names = [ + "adguard-dns-doh" + "cloudflare" + ]; + + ipv6_servers = false; + require_dnssec = true; + require_nofilter = true; + + sources.public_resolvers = { + urls = [ + "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" + "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" + ]; + cache_file = "/var/lib/dnscrypt-proxy/public_resolvers.md"; + minisign_key = + "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; + }; + + block_ipv6 = true; + + anonymized_dns.routes = [{ + server_name = "*"; + via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ]; + }]; + anonymized_dns.skip_incompatible = true; + }; + }; +} diff --git a/nix/systems/darwin/default.nix b/nix/systems/darwin/default.nix index 622fef7..4de4ed5 100644 --- a/nix/systems/darwin/default.nix +++ b/nix/systems/darwin/default.nix @@ -43,6 +43,7 @@ in modules = [ inputs.spicetify-nix.nixosModules.default # Also works on nix-darwin thanks to it being nixosConfiguration replacement for macOS ./configuration.nix + #../../modules/darwin/dnscrypt.nix ] ++ kanataModules; }; @@ -73,6 +74,7 @@ in modules = [ inputs.spicetify-nix.nixosModules.default ./configuration.nix + #../../modules/darwin/dnscrypt.nix ] ++ kanataModules; }; }