diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-29 18:10:00 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-08-29 23:48:12 +0200 |
commit | d78e0ed1f98bbeae09d874c748e702da31c9a1b1 (patch) | |
tree | 6ba654330bf0d914d7325ad921fd57004b741cdf /nixos/modules/services/networking/dnscrypt-proxy.nix | |
parent | 68210aa772ebf669bbf9b691d96cab98725f888a (diff) | |
download | nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar.gz nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar.bz2 nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar.lz nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar.xz nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.tar.zst nixlib-d78e0ed1f98bbeae09d874c748e702da31c9a1b1.zip |
dnscrypt-proxy module: move detailed info to module documentation
Diffstat (limited to 'nixos/modules/services/networking/dnscrypt-proxy.nix')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-proxy.nix | 30 |
1 files changed, 7 insertions, 23 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 97764cd2ed34..2714e8d75993 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -28,31 +28,15 @@ let in { + meta = { + maintainers = with maintainers; [ joachifm ]; + doc = ./dnscrypt-proxy.xml; + }; + options = { services.dnscrypt-proxy = { - enable = mkEnableOption "dnscrypt-proxy" // { description = '' - Whether to enable the DNSCrypt client proxy. The proxy relays - DNS queries to a DNSCrypt enabled upstream resolver. The traffic - between the client and the upstream resolver is encrypted and - authenticated, mitigating the risk of MITM attacks and third-party - snooping (assuming the upstream is trustworthy). - - Enabling this option does not alter the system nameserver; to relay - local queries, prepend <literal>127.0.0.1</literal> to - <option>networking.nameservers</option>. - - The recommended configuration is to run DNSCrypt proxy as a forwarder - for a caching DNS client, as in - <programlisting> - { - services.dnscrypt-proxy.enable = true; - services.dnscrypt-proxy.localPort = 43; - services.dnsmasq.enable = true; - services.dnsmasq.servers = [ "127.0.0.1#43" ]; - services.dnsmasq.resolveLocalQueries = true; # this is the default - } - </programlisting> - ''; }; + enable = mkEnableOption "DNSCrypt client proxy"; + localAddress = mkOption { default = "127.0.0.1"; type = types.str; |