dnscrypt-proxy2 configuration

README.md

@@ -17,7 +17,3 @@ Normal:
 ```sh
 home-manager switch --flake .#<config name>
 ```
-
-## In Progress
-
-- https://mynixos.com/nixpkgs/option/services.dnscrypt-proxy2.enable

configurations/akane/nixos/default.nix

@@ -16,7 +16,7 @@ inputs.nixpkgs.lib.nixosSystem {
     ../../../modules/nixos/dan
     ../../../modules/nixos/dan/secrets
     ../../../modules/nixos/desktop-environment.nix
-    ../../../modules/nixos/encrypted-dns.nix
+    ../../../modules/nixos/dnscrypt-proxy.nix
     ../../../modules/nixos/locale.nix
     ../../../modules/nixos/networkmanager.nix
     ../../../modules/nixos/scanner.nix
@@ -33,6 +33,11 @@ inputs.nixpkgs.lib.nixosSystem {
 
       networking.hostName = "akane";
 
+      services.dnscrypt-proxy2.settings.forwarding_rules = "/etc/dnscrypt-proxy2/forwarding-rules.txt";
+      environment.etc."dnscrypt-proxy2/forwarding-rules.txt".text = ''
+        castle.dan-nixon.com 100.71.249.35
+      '';
+
       users.users.dan.extraGroups = ["dialout"];
 
       virtualisation.podman.enable = true;

configurations/kawashiro/nixos/default.nix

@@ -15,7 +15,7 @@ inputs.nixpkgs.lib.nixosSystem {
     ../../../modules/nixos/dan
     ../../../modules/nixos/dan/secrets
     ../../../modules/nixos/desktop-environment.nix
-    ../../../modules/nixos/encrypted-dns.nix
+    ../../../modules/nixos/dnscrypt-proxy.nix
     ../../../modules/nixos/locale.nix
     ../../../modules/nixos/networkmanager.nix
     ../../../modules/nixos/sound.nix
@@ -31,6 +31,11 @@ inputs.nixpkgs.lib.nixosSystem {
 
       networking.hostName = "kawashiro";
 
+      services.dnscrypt-proxy2.settings.forwarding_rules = "/etc/dnscrypt-proxy2/forwarding-rules.txt";
+      environment.etc."dnscrypt-proxy2/forwarding-rules.txt".text = ''
+        castle.dan-nixon.com 100.71.249.35
+      '';
+
       users.users.dan.extraGroups = ["dialout" "plugdev"];
 
       virtualisation.podman.enable = true;

configurations/maya/nixos/default.nix

@@ -14,7 +14,7 @@ inputs.nixpkgs.lib.nixosSystem {
     ../../../modules/nixos/dan
     ../../../modules/nixos/dan/secrets
     ../../../modules/nixos/desktop-environment.nix
-    ../../../modules/nixos/encrypted-dns.nix
+    ../../../modules/nixos/dnscrypt-proxy.nix
     ../../../modules/nixos/locale.nix
     ../../../modules/nixos/networkmanager.nix
     ../../../modules/nixos/sound.nix
@@ -30,6 +30,11 @@ inputs.nixpkgs.lib.nixosSystem {
 
       networking.hostName = "maya";
 
+      services.dnscrypt-proxy2.settings.forwarding_rules = "/etc/dnscrypt-proxy2/forwarding-rules.txt";
+      environment.etc."dnscrypt-proxy2/forwarding-rules.txt".text = ''
+        castle.dan-nixon.com 100.71.249.35
+      '';
+
       virtualisation.podman.enable = true;
       services.upower.enable = true;
       services.tailscale.enable = true;

configurations/yukari/nixos/default.nix

@@ -15,10 +15,9 @@ inputs.nixpkgs.lib.nixosSystem {
     })
     ./disk-config.nix
 
-    inputs.sops-nix.nixosModules.sops
     ../../../modules/nixos/base.nix
     ../../../modules/nixos/dan
-    ../../../modules/nixos/encrypted-dns.nix
+    ../../../modules/nixos/dnscrypt-proxy.nix
     ../../../modules/nixos/locale.nix
     ../../../modules/nixos/networkmanager.nix
     ../../../modules/nixos/ssh.nix

modules/nixos/dnscrypt-proxy.nix

@@ -0,0 +1,12 @@
+{...}: {
+  services.dnscrypt-proxy2 = {
+    enable = true;
+
+    settings = {
+      fallback_resolvers = ["9.9.9.9:53" "1.1.1.1:53"];
+      ignore_system_dns = true;
+
+      netprobe_address = "9.9.9.9:53";
+    };
+  };
+}