1 files changed, 34 insertions, 5 deletions
diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix
index fbeb61f..17f4d63 100644
--- a/usecases/common/dnscrypt.nix
+++ b/usecases/common/dnscrypt.nix
@@ -6,13 +6,27 @@ inputs:
  services.dnscrypt-proxy2 = {
    enable = true;
    settings = {
+      # A properly maintained list, in case all servers goes down
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/opennic.md"
+        ];
+        cache_file = "opennic.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        refresh_delay = 72;
+      };
      static = {
+        # French servers
+        "ns1.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmZyCWRucy1xdWVyeQ";
        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
          "sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
        "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
          "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
-        "ns3.fr.dns.opennic.glue iriseden DoH".stamp =
-          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
        "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
          "sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
@@ -21,14 +35,29 @@ inputs:
        "ns4.fr.dns.opennic.glue iriseden DoH".stamp =
          "sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
+        "ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAETE1MS44MC4yMjIuNzk6NDQzIKnWMjpPJYAJJhl1FQLOIx4fdtned2yHxruyig7_2w5OIDIuZG5zY3J5cHQtY2VydC5vcGVubmljLmkycGQueHl6";
+        "ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAG1syMDAxOjQ3MDoxZjE1OmI4MDo6NTNdOjQ0MyCp1jI6TyWACSYZdRUCziMeH3bZ3ndsh8a7sooO_9sOTiAyLmRuc2NyeXB0LWNlcnQub3Blbm5pYy5pMnBkLnh5eg";
+        # Deutschland
        "ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
+        "ns21.de.dns.opennic.glue DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEDc4LjQ3LjI0My4zOjEwNTMgN4CAbUDR-b3uJJMVzfCdL9ivVV7s8wRhifLRPWBfSmQdMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
+        "ns21.de.dns.opennic.glue DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHFsyYTAxOjRmODoxYzBjOjgwYzk6OjFdOjEwNTMgcmZXgMxIKLKAtkLUX7t6Lhw7j4-PIqXir5hMytnM-W8dMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
+        "ns28.de.dns.opennic.glue DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAVd3d3LmphYmJlci1nZXJtYW55LmRlCWRucy1xdWVyeQ";
+        "ns29.de.dns.opennic.glue DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAQd3d3Lm1vcmJpdHplci5kZQlkbnMtcXVlcnk";
        "ns31.de.dns.opennic.glue ethservices DoH".stamp =
          "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
-        "ns3.de.dns.opennic.glue Eleix DoH".stamp =
-          "sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
      };
      cloaking_rules = with lib;

diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix index fbeb61f..17f4d63 100644 --- a/usecases/common/dnscrypt.nix +++ b/usecases/common/dnscrypt.nix
@@ -6,13 +6,27 @@ inputs:
6	services.dnscrypt-proxy2 = {	6	services.dnscrypt-proxy2 = {
7	enable = true;	7	enable = true;
8	settings = {	8	settings = {
		9
		10	# A properly maintained list, in case all servers goes down
		11	sources.public-resolvers = {
		12	urls = [
		13	"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md"
		14	"https://download.dnscrypt.info/resolvers-list/v3/opennic.md"
		15	];
		16	cache_file = "opennic.md";
		17	minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
		18	refresh_delay = 72;
		19	};
		20
9	static = {	21	static = {
		22	# French servers
		23
		24	"ns1.fr.dns.opennic.glue iriseden DoH".stamp =
		25	"sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmZyCWRucy1xdWVyeQ";
10	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =	26	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
11	"sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";	27	"sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
12	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =	28	"ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
13	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";	29	"sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
14	"ns3.fr.dns.opennic.glue iriseden DoH".stamp =
15	"sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
16		30
17	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =	31	"ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
18	"sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";	32	"sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
@@ -21,14 +35,29 @@ inputs:
21	"ns4.fr.dns.opennic.glue iriseden DoH".stamp =	35	"ns4.fr.dns.opennic.glue iriseden DoH".stamp =
22	"sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";	36	"sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
23		37
		38	"ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
		39	"sdns://AQcAAAAAAAAAETE1MS44MC4yMjIuNzk6NDQzIKnWMjpPJYAJJhl1FQLOIx4fdtned2yHxruyig7_2w5OIDIuZG5zY3J5cHQtY2VydC5vcGVubmljLmkycGQueHl6";
		40	"ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
		41	"sdns://AQcAAAAAAAAAG1syMDAxOjQ3MDoxZjE1OmI4MDo6NTNdOjQ0MyCp1jI6TyWACSYZdRUCziMeH3bZ3ndsh8a7sooO_9sOTiAyLmRuc2NyeXB0LWNlcnQub3Blbm5pYy5pMnBkLnh5eg";
		42
		43	# Deutschland
		44
24	"ns8.he.de.dns.opennic.glue ethservices DoH".stamp =	45	"ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
25	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";	46	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
26		47
		48	"ns21.de.dns.opennic.glue DNSCrypt IPv4".stamp =
		49	"sdns://AQcAAAAAAAAAEDc4LjQ3LjI0My4zOjEwNTMgN4CAbUDR-b3uJJMVzfCdL9ivVV7s8wRhifLRPWBfSmQdMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
		50	"ns21.de.dns.opennic.glue DNSCrypt IPv6".stamp =
		51	"sdns://AQcAAAAAAAAAHFsyYTAxOjRmODoxYzBjOjgwYzk6OjFdOjEwNTMgcmZXgMxIKLKAtkLUX7t6Lhw7j4-PIqXir5hMytnM-W8dMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
		52
		53	"ns28.de.dns.opennic.glue DoH".stamp =
		54	"sdns://AgcAAAAAAAAAAAAVd3d3LmphYmJlci1nZXJtYW55LmRlCWRucy1xdWVyeQ";
		55
		56	"ns29.de.dns.opennic.glue DoH".stamp =
		57	"sdns://AgcAAAAAAAAAAAAQd3d3Lm1vcmJpdHplci5kZQlkbnMtcXVlcnk";
		58
27	"ns31.de.dns.opennic.glue ethservices DoH".stamp =	59	"ns31.de.dns.opennic.glue ethservices DoH".stamp =
28	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";	60	"sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
29
30	"ns3.de.dns.opennic.glue Eleix DoH".stamp =
31	"sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
32	};	61	};
33		62
34	cloaking_rules = with lib;	63	cloaking_rules = with lib;