nixpkgs/nixos/modules/misc
Joachim Fasting 52f0553209 Add dnscrypt-proxy service
The dnscrypt-proxy service relays regular DNS queries to
a DNSCrypt enabled upstream resolver.
The traffic between the client and the upstream resolver is
encrypted and authenticated, which may mitigate the risk of
MITM attacks and third-party snooping (assuming a trustworthy
upstream).

Though dnscrypt-proxy can run as a standalone DNS client,
the recommended setup is to use it as a forwarder for a
caching DNS client.
To use dnscrypt-proxy as a forwarder for dnsmasq, do

```nix
{
  # ...

  networking.nameservers = [ "127.0.0.1" ];
  networking.dhcpcd.extraConfig = "nohook resolv.conf";

  services.dnscrypt-proxy.enable = true;
  services.dnscrypt-proxy.localAddress = "127.0.0.1";
  services.dnscrypt-proxy.port = 40;

  services.dnsmasq.enable = true;
  services.dnsmasq.extraConfig = ''
    no-resolv
    server=127.0.0.1#40
    listen-address=127.0.0.1
  '';

  # ...
}
```
2014-11-11 22:47:19 +01:00
..
assertions.nix
check-config.nix
crashdump.nix nixos/manual: Use literalExample when feasible. 2014-08-27 23:41:15 +02:00
ids.nix Add dnscrypt-proxy service 2014-11-11 22:47:19 +01:00
lib.nix
locate.nix Quote paths from example & default attributes. 2014-08-28 08:36:55 +02:00
meta.nix NixOS: Add meta.maintainer option to modules. 2014-08-25 01:04:39 +02:00
nixpkgs.nix
passthru.nix
version.nix