dnscrypt: move to usecases/common

author: Minijackson <minijackson@riseup.net> 2021-05-28 18:24:33 +0200
committer: Minijackson <minijackson@riseup.net> 2021-05-28 18:24:33 +0200
commit: 6a73ace61fe95a74609b210ace27e1f07026dfab (patch)
tree: 01f0d7b56907f8dccefc7db330ade48de3e9b879 /usecases/common
parent: 587e107079b6b7161472250724e211075013b053 (diff)
download: nixos-config-reborn-6a73ace61fe95a74609b210ace27e1f07026dfab.tar.gz
nixos-config-reborn-6a73ace61fe95a74609b210ace27e1f07026dfab.zip
1 files changed, 47 insertions, 0 deletions
diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix
new file mode 100644
index 0000000..fbeb61f
--- /dev/null
+++ b/usecases/common/dnscrypt.nix
@@ -0,0 +1,47 @@
+inputs:
+{ config, lib, ... }:
+{
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      static = {
+        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
+        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
+        "ns3.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
+        "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
+        "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwNzo6MzAxXToxMDUzIJjeEela3WTzMuuZTskr7aOchIg2llSDNRsHfcggITn6HzIuZG5zY3J5cHQtY2VydC5uczIuaXJpc2VkZW4uZnI";
+        "ns4.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
+        "ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
+        "ns31.de.dns.opennic.glue ethservices DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
+        "ns3.de.dns.opennic.glue Eleix DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
+      };
+      cloaking_rules = with lib;
+        let
+          inherit (config.networking) hosts;
+          entryToCloak = addr:
+            concatMapStringsSep "\n" (hostname: "${hostname} ${addr}") hosts.${addr};
+        in
+        builtins.toFile
+          "cloaking-rules.txt"
+          (concatMapStringsSep "\n" entryToCloak (attrNames config.networking.hosts));
+    };
+  };
+  networking.resolvconf.useLocalResolver = true;
+}
author	Minijackson <minijackson@riseup.net>	2021-05-28 18:24:33 +0200
committer	Minijackson <minijackson@riseup.net>	2021-05-28 18:24:33 +0200
commit	6a73ace61fe95a74609b210ace27e1f07026dfab (patch)
tree	01f0d7b56907f8dccefc7db330ade48de3e9b879 /usecases/common
parent	587e107079b6b7161472250724e211075013b053 (diff)
download	nixos-config-reborn-6a73ace61fe95a74609b210ace27e1f07026dfab.tar.gz nixos-config-reborn-6a73ace61fe95a74609b210ace27e1f07026dfab.zip

diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix new file mode 100644 index 0000000..fbeb61f --- /dev/null +++ b/usecases/common/dnscrypt.nix
@@ -0,0 +1,47 @@
	1	inputs:
	2
	3	{ config, lib, ... }:
	4
	5	{
	6	services.dnscrypt-proxy2 = {
	7	enable = true;
	8	settings = {
	9	static = {
	10	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
	11	"sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
	12	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
	13	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
	14	"ns3.fr.dns.opennic.glue iriseden DoH".stamp =
	15	"sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
	16
	17	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
	18	"sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
	19	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
	20	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwNzo6MzAxXToxMDUzIJjeEela3WTzMuuZTskr7aOchIg2llSDNRsHfcggITn6HzIuZG5zY3J5cHQtY2VydC5uczIuaXJpc2VkZW4uZnI";
	21	"ns4.fr.dns.opennic.glue iriseden DoH".stamp =
	22	"sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
	23
	24	"ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
	25	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
	26
	27	"ns31.de.dns.opennic.glue ethservices DoH".stamp =
	28	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
	29
	30	"ns3.de.dns.opennic.glue Eleix DoH".stamp =
	31	"sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
	32	};
	33
	34	cloaking_rules = with lib;
	35	let
	36	inherit (config.networking) hosts;
	37	entryToCloak = addr:
	38	concatMapStringsSep "\n" (hostname: "${hostname} ${addr}") hosts.${addr};
	39	in
	40	builtins.toFile
	41	"cloaking-rules.txt"
	42	(concatMapStringsSep "\n" entryToCloak (attrNames config.networking.hosts));
	43	};
	44	};
	45
	46	networking.resolvconf.useLocalResolver = true;
	47	}