2 files changed, 48 insertions, 0 deletions
diff --git a/usecases/desktop/default.nix b/usecases/desktop/default.nix
index 8b6687a..6a7e422 100644
--- a/usecases/desktop/default.nix
+++ b/usecases/desktop/default.nix
@@ -7,5 +7,6 @@ inputs:
 {
  imports = [
    (import ./graphical.nix inputs)
+    (import ./networking/dnscrypt.nix inputs)
  ];
 }
diff --git a/usecases/desktop/networking/dnscrypt.nix b/usecases/desktop/networking/dnscrypt.nix
new file mode 100644
index 0000000..fbeb61f
--- /dev/null
+++ b/usecases/desktop/networking/dnscrypt.nix
@@ -0,0 +1,47 @@
+inputs:
+{ config, lib, ... }:
+{
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      static = {
+        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
+        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
+        "ns3.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
+        "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
+        "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwNzo6MzAxXToxMDUzIJjeEela3WTzMuuZTskr7aOchIg2llSDNRsHfcggITn6HzIuZG5zY3J5cHQtY2VydC5uczIuaXJpc2VkZW4uZnI";
+        "ns4.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
+        "ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
+        "ns31.de.dns.opennic.glue ethservices DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
+        "ns3.de.dns.opennic.glue Eleix DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
+      };
+      cloaking_rules = with lib;
+        let
+          inherit (config.networking) hosts;
+          entryToCloak = addr:
+            concatMapStringsSep "\n" (hostname: "${hostname} ${addr}") hosts.${addr};
+        in
+        builtins.toFile
+          "cloaking-rules.txt"
+          (concatMapStringsSep "\n" entryToCloak (attrNames config.networking.hosts));
+    };
+  };
+  networking.resolvconf.useLocalResolver = true;
+}

diff --git a/usecases/desktop/default.nix b/usecases/desktop/default.nix index 8b6687a..6a7e422 100644 --- a/usecases/desktop/default.nix +++ b/usecases/desktop/default.nix
@@ -7,5 +7,6 @@ inputs:
7	{	7	{
8	imports = [	8	imports = [
9	(import ./graphical.nix inputs)	9	(import ./graphical.nix inputs)
		10	(import ./networking/dnscrypt.nix inputs)
10	];	11	];
11	}	12	}


diff --git a/usecases/desktop/networking/dnscrypt.nix b/usecases/desktop/networking/dnscrypt.nix new file mode 100644 index 0000000..fbeb61f --- /dev/null +++ b/usecases/desktop/networking/dnscrypt.nix
@@ -0,0 +1,47 @@
		1	inputs:
		2
		3	{ config, lib, ... }:
		4
		5	{
		6	services.dnscrypt-proxy2 = {
		7	enable = true;
		8	settings = {
		9	static = {
		10	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
		11	"sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
		12	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
		13	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
		14	"ns3.fr.dns.opennic.glue iriseden DoH".stamp =
		15	"sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
		16
		17	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
		18	"sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
		19	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
		20	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwNzo6MzAxXToxMDUzIJjeEela3WTzMuuZTskr7aOchIg2llSDNRsHfcggITn6HzIuZG5zY3J5cHQtY2VydC5uczIuaXJpc2VkZW4uZnI";
		21	"ns4.fr.dns.opennic.glue iriseden DoH".stamp =
		22	"sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
		23
		24	"ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
		25	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
		26
		27	"ns31.de.dns.opennic.glue ethservices DoH".stamp =
		28	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
		29
		30	"ns3.de.dns.opennic.glue Eleix DoH".stamp =
		31	"sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
		32	};
		33
		34	cloaking_rules = with lib;
		35	let
		36	inherit (config.networking) hosts;
		37	entryToCloak = addr:
		38	concatMapStringsSep "\n" (hostname: "${hostname} ${addr}") hosts.${addr};
		39	in
		40	builtins.toFile
		41	"cloaking-rules.txt"
		42	(concatMapStringsSep "\n" entryToCloak (attrNames config.networking.hosts));
		43	};
		44	};
		45
		46	networking.resolvconf.useLocalResolver = true;
		47	}