host: add encrypted-dns

This commit is contained in:
Dmitriy Pleshevskiy 2024-03-21 18:18:23 +03:00
parent 98ed17f97a
commit dc694bb4e6
Signed by: pleshevskiy
GPG key ID: 17041163DA10A9A2
3 changed files with 35 additions and 0 deletions

View file

@ -11,6 +11,7 @@
../../shared/gnupg.nix
../../shared/garbage-collector.nix
../../shared/networking.secret.nix
../../shared/encrypted-dns.nix
];
# Use latest kernel

View file

@ -12,6 +12,7 @@
../../shared/gnupg.nix
../../shared/garbage-collector.nix
../../shared/networking.secret.nix
../../shared/encrypted-dns.nix
];
# Configure kernel
@ -40,6 +41,7 @@
};
networkmanager.enable = true;
firewall.allowedTCPPortRanges = [
{ from = 1300; to = 1400; }
];

View file

@ -0,0 +1,32 @@
{ ... }:
{
networking = {
nameservers = [ "127.0.0.1" "::1" ];
networkmanager.dns = "none";
};
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
# You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
server_names = [
"sdns://AgMAAAAAAAAADTE1Ny45MC4xMjQuNjKgEbEC5rH2PlKJhNYCXzKxOCQfyIu9dRlXTXDJgy1T4eigWu-EP_zy7HBV9QShYvIp-DkcNw_zphY9LbPz1gTWIr4gRE69Z7uD-IB7OSHpOKyReLiCvVCq2xEjHwRM9fCN984QZG5zLmJyYWhtYS53b3JsZAovZG5zLXF1ZXJ5"
"sdns://AgMAAAAAAAAAF1syYTAxOjRmODoxYzFjOmY1ZTE6OjFdoBGxAuax9j5SiYTWAl8ysTgkH8iLvXUZV01wyYMtU-HooFrvhD_88uxwVfUEoWLyKfg5HDcP86YWPS2z89YE1iK-IEROvWe7g_iAezkh6TiskXi4gr1QqtsRIx8ETPXwjffOEGRucy5icmFobWEud29ybGQKL2Rucy1xdWVyeQ"
];
};
};
}