From 7b56fcf4c4bf95f763162a69e69290cb0c78bf9f Mon Sep 17 00:00:00 2001
From: Minijackson <minijackson@riseup.net>
Date: Fri, 28 May 2021 18:31:46 +0200
Subject: dnscrypt: updated list of servers + use public list

---
 usecases/common/dnscrypt.nix | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

(limited to 'usecases/common')

diff --git a/usecases/common/dnscrypt.nix b/usecases/common/dnscrypt.nix
index fbeb61f..17f4d63 100644
--- a/usecases/common/dnscrypt.nix
+++ b/usecases/common/dnscrypt.nix
@@ -6,13 +6,27 @@ inputs:
   services.dnscrypt-proxy2 = {
     enable = true;
     settings = {
+
+      # A properly maintained list, in case all servers goes down
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/opennic.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/opennic.md"
+        ];
+        cache_file = "opennic.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        refresh_delay = 72;
+      };
+
       static = {
+        # French servers
+
+        "ns1.fr.dns.opennic.glue iriseden DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmZyCWRucy1xdWVyeQ";
         "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
           "sdns://AQcAAAAAAAAAEzYyLjIxMC4xNzcuMTg5OjEwNTMgW8vytBGk6u3kvCpl4q88XjqW-w6JJiJ7QBObcFV7gYAfMi5kbnNjcnlwdC1jZXJ0Lm5zMS5pcmlzZWRlbi5mcg";
         "ns3.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
           "sdns://AQcAAAAAAAAAHVsyMDAxOmJjODozMmQ3OjMwODo6MjAxXToxMDUzIEUAcwKTPY6tyEQxtfO3rIzEyqN9w7WGPLz7ZsHsx5EGHzIuZG5zY3J5cHQtY2VydC5uczEuaXJpc2VkZW4uZnI";
-        "ns3.fr.dns.opennic.glue iriseden DoH".stamp =
-          "sdns://AgcAAAAAAAAAAAAPbnMxLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
 
         "ns4.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
           "sdns://AQcAAAAAAAAAEjYyLjIxMC4xODAuNzE6MTA1MyBxLWt8kNHoMqM7vKXCkuZ3PnB32c0qV2I3KGQYtlDKSB8yLmRuc2NyeXB0LWNlcnQubnMyLmlyaXNlZGVuLmZy";
@@ -21,14 +35,29 @@ inputs:
         "ns4.fr.dns.opennic.glue iriseden DoH".stamp =
           "sdns://AgcAAAAAAAAAAAAPbnMyLmlyaXNlZGVuLmV1CWRucy1xdWVyeQ";
 
+        "ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAETE1MS44MC4yMjIuNzk6NDQzIKnWMjpPJYAJJhl1FQLOIx4fdtned2yHxruyig7_2w5OIDIuZG5zY3J5cHQtY2VydC5vcGVubmljLmkycGQueHl6";
+        "ns8.fr.dns.opennic.glue iriseden DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAG1syMDAxOjQ3MDoxZjE1OmI4MDo6NTNdOjQ0MyCp1jI6TyWACSYZdRUCziMeH3bZ3ndsh8a7sooO_9sOTiAyLmRuc2NyeXB0LWNlcnQub3Blbm5pYy5pMnBkLnh5eg";
+
+        # Deutschland
+
         "ns8.he.de.dns.opennic.glue ethservices DoH".stamp =
           "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzEuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
 
+        "ns21.de.dns.opennic.glue DNSCrypt IPv4".stamp =
+          "sdns://AQcAAAAAAAAAEDc4LjQ3LjI0My4zOjEwNTMgN4CAbUDR-b3uJJMVzfCdL9ivVV7s8wRhifLRPWBfSmQdMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
+        "ns21.de.dns.opennic.glue DNSCrypt IPv6".stamp =
+          "sdns://AQcAAAAAAAAAHFsyYTAxOjRmODoxYzBjOjgwYzk6OjFdOjEwNTMgcmZXgMxIKLKAtkLUX7t6Lhw7j4-PIqXir5hMytnM-W8dMi5kbnNjcnlwdC1jZXJ0Lm5zMS5maXNjaGUuaW8";
+
+        "ns28.de.dns.opennic.glue DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAVd3d3LmphYmJlci1nZXJtYW55LmRlCWRucy1xdWVyeQ";
+
+        "ns29.de.dns.opennic.glue DoH".stamp =
+          "sdns://AgcAAAAAAAAAAAAQd3d3Lm1vcmJpdHplci5kZQlkbnMtcXVlcnk";
+
         "ns31.de.dns.opennic.glue ethservices DoH".stamp =
           "sdns://AgcAAAAAAAAAAAAcb3Blbm5pYzIuZXRoLXNlcnZpY2VzLmRlOjg1MwA";
-
-        "ns3.de.dns.opennic.glue Eleix DoH".stamp =
-          "sdns://AgcAAAAAAAAAAAAQZG9oLmJvb3RobGFicy5tZQlkbnMtcXVlcnk";
       };
 
       cloaking_rules = with lib;
-- 
cgit v1.2.3