diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-10 07:04:20 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-10 07:08:37 +0200 |
commit | e38e3dcdb6c3f069a22dd497be3800da5f516eda (patch) | |
tree | ed52b17b0593f5da7ae2129026f6e005c6d24954 /nixos/modules/services | |
parent | bd448b713944524f41a8d37cfe59d4594b536911 (diff) | |
download | nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar.gz nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar.bz2 nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar.lz nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar.xz nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.tar.zst nixlib-e38e3dcdb6c3f069a22dd497be3800da5f516eda.zip |
dnscrypt-proxy service: allow user to specify their own resolver list
Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/dnscrypt-proxy.nix | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix index 4521f82f5db8..eb43e83c95f0 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -6,12 +6,6 @@ let dnscrypt-proxy = pkgs.dnscrypt-proxy; cfg = config.services.dnscrypt-proxy; - # last updated: 2016-05-04 - resolverListFile = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv"; - sha256 = "07kbbisrvrqdxif3061hxj3whin3llg4nh50ln7prisi2vbd76xd"; - }; - localAddress = "${cfg.localAddress}:${toString cfg.localPort}"; daemonArgs = @@ -28,7 +22,7 @@ let "--provider-key=${cfg.customResolver.key}" ] else - [ "--resolvers-list=${resolverListFile}" + [ "--resolvers-list=${cfg.resolverList}" "--resolver-name=${toString cfg.resolverName}" ]; in @@ -82,12 +76,24 @@ in default = "dnscrypt.eu-nl"; type = types.nullOr types.string; description = '' - The name of the upstream DNSCrypt resolver to use. See - <filename>${resolverListFile}</filename> for alternative resolvers. + The name of the upstream DNSCrypt resolver to use, taken from the + list named in the <literal>resolverList</literal> option. The default resolver is located in Holland, supports DNS security extensions, and claims to not keep logs. ''; }; + resolverList = mkOption { + description = '' + The list of upstream DNSCrypt resolvers. By default, we use the most + recent list published by upstream. + ''; + example = literalExample "${pkgs.dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"; + default = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv"; + sha256 = "07kbbisrvrqdxif3061hxj3whin3llg4nh50ln7prisi2vbd76xd"; + }; + defaultText = "pkgs.fetchurl { url = ...; sha256 = ...; }"; + }; customResolver = mkOption { default = null; description = '' @@ -174,7 +180,7 @@ in ${pkgs.lz4}/lib/liblz4.so.* mr, ${pkgs.attr.out}/lib/libattr.so.* mr, - ${resolverListFile} r, + ${cfg.resolverList} r, } '')); |