diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-03-23 20:41:49 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-03-24 17:14:22 +0100 |
commit | 4001917359db57b75662581e55d33e38fa60bc2d (patch) | |
tree | 261aedb60c9be4c8336245ce570cdf4eb716022a /nixos/modules/services/networking/dnscrypt-proxy.nix | |
parent | 9c274b4bef10f7e535ce5bf72f0259e7c0d76c93 (diff) | |
download | nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar.gz nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar.bz2 nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar.lz nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar.xz nixlib-4001917359db57b75662581e55d33e38fa60bc2d.tar.zst nixlib-4001917359db57b75662581e55d33e38fa60bc2d.zip |
dnscrypt-proxy service: cosmetic enhancements
Diffstat (limited to 'nixos/modules/services/networking/dnscrypt-proxy.nix')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-proxy.nix | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index a6b5b1deed76..e6204a387bda 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -5,14 +5,17 @@ let apparmorEnabled = config.security.apparmor.enable; dnscrypt-proxy = pkgs.dnscrypt-proxy; cfg = config.services.dnscrypt-proxy; + resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"; localAddress = "${cfg.localAddress}:${toString cfg.localPort}"; + daemonArgs = [ "--local-address=${localAddress}" (optionalString cfg.tcpOnly "--tcp-only") (optionalString cfg.ephemeralKeys "-E") ] ++ resolverArgs; + resolverArgs = if (cfg.customResolver != null) then [ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}" @@ -50,7 +53,7 @@ in services.dnsmasq.resolveLocalQueries = true; # this is the default } </programlisting> - ''; }; + ''; }; localAddress = mkOption { default = "127.0.0.1"; type = types.string; @@ -187,14 +190,18 @@ in systemd.services.dnscrypt-proxy = { description = "dnscrypt-proxy daemon"; + after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service"; requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service"; + serviceConfig = { Type = "simple"; NonBlocking = "true"; ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; + User = "dnscrypt-proxy"; Group = "dnscrypt-proxy"; + PrivateTmp = true; PrivateDevices = true; }; |