feat(nix): DNSCrypt module

It's only available in master branch at the moment
2025-05-01 16:37:19 +07:00 · 2025-05-01 16:37:19 +07:00 · 088b50dcb8
commit 088b50dcb8
parent 0a416a41f4
2 changed files with 38 additions and 0 deletions
--- a/nix/modules/darwin/dnscrypt.nix
+++ b/nix/modules/darwin/dnscrypt.nix
@ -0,0 +1,36 @@
+{ pkgs, ... }:
+
+{
+  services.dnscrypt-proxy = {
+    enable = true;
+
+    settings = {
+      server_names = [
+        "adguard-dns-doh"
+        "cloudflare"
+      ];
+
+      ipv6_servers = false;
+      require_dnssec = true;
+      require_nofilter = true;
+
+      sources.public_resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy/public_resolvers.md";
+        minisign_key =
+          "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+
+      block_ipv6 = true;
+
+      anonymized_dns.routes = [{
+        server_name = "*";
+        via = [ "anon-plan9-dns" "anon-v.dnscrypt.up-ipv4" ];
+      }];
+      anonymized_dns.skip_incompatible = true;
+    };
+  };
+}