diff --git a/modules/module-list.nix b/modules/module-list.nix
index 8b2215ba3..d01bbdb90 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -62,6 +62,7 @@
 ./services/chunkwm.nix
 ./services/cachix-agent.nix
 ./services/dnsmasq.nix
+ ./services/dnscrypt-proxy.nix
 ./services/emacs.nix
 ./services/eternal-terminal.nix
 ./services/github-runner
diff --git a/modules/services/dnscrypt-proxy.nix b/modules/services/dnscrypt-proxy.nix
new file mode 100644
index 000000000..93bbd9a8d
--- /dev/null
+++ b/modules/services/dnscrypt-proxy.nix
@@ -0,0 +1,76 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+with lib;
+
+let
+
+ cfg = config.services.dnscrypt-proxy;
+
+ format = pkgs.formats.toml { };
+
+ configFile = format.generate "dnscrypt-proxy.toml" cfg.settings;
+
+in
+
+{
+ options.services.dnscrypt-proxy = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Whether to enable the dnscrypt-proxy service.";
+ };
+
+ package = mkOption {
+ type = types.path;
+ default = pkgs.dnscrypt-proxy2;
+ defaultText = "pkgs.dnscrypt-proxy2";
+ description = "This option specifies the dnscrypt-proxy package to use";
+ };
+
+ settings = mkOption {
+ type = format.type;
+
+ default = {
+ listen_addresses = [ "127.0.0.1:53" ];
+ doh_servers = true;
+ dnscrypt_servers = true;
+ ipv4_servers = true;
+ ipv6_servers = true;
+ sources.public-resolvers = {
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ refresh_delay = 72;
+ prefix = "";
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ "https://ipv6.download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ };
+ };
+
+ description = ''
+ This option specifies the dnscrypt-proxy settings to use
+
+ More details can be found at https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ launchd.daemons.dnscrypt-proxy = {
+ script = ''
+ ${getExe' cfg.package "dnscrypt-proxy"} -config ${configFile}
+ '';
+ serviceConfig = {
+ RunAtLoad = true;
+ KeepAlive = true;
+ };
+ };
+ };
+
+}
diff --git a/release.nix b/release.nix
index 115025eed..eaf30044b 100644
--- a/release.nix
+++ b/release.nix
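Review bot: The `launchd.daemons.dnscrypt-proxy` block starts the resolver as a system daemon with only `RunAtLoad` and `KeepAlive` set, so as far as this hunk shows the process keeps root for its whole lifetime while it parses responses from remote resolvers and fetches the resolver lists. dnscrypt-proxy has a `user_name` setting that drops privileges once the listening sockets are bound, so the default `settings` could carry something like `user_name = "nobody";` (to be confirmed on macOS, where binding `127.0.0.1:53` is probably why root is needed at start). Separately, the hard-coded attrset is an option `default`, which the module system discards entirely as soon as a user defines any `services.dnscrypt-proxy.settings.*` key, so the `sources.public-resolvers` stanza and its `minisign_key` then vanish from the generated TOML. Setting those values with `mkDefault` inside `config`, or stating in `description` that an override replaces the whole set, would keep the signed source list in place.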
@@ -103,6 +103,7 @@ in {
 tests.sockets-nix-daemon = makeTest ./tests/sockets-nix-daemon.nix;
 tests.services-aerospace = makeTest ./tests/services-aerospace.nix;
 tests.services-dnsmasq = makeTest ./tests/services-dnsmasq.nix;
+ tests.services-dnscrypt-proxy = makeTest ./tests/services-dnscrypt-proxy.nix;
 tests.services-eternal-terminal = makeTest ./tests/services-eternal-terminal.nix;
 tests.services-nix-gc = makeTest ./tests/services-nix-gc.nix;
 tests.services-nix-optimise = makeTest ./tests/services-nix-optimise.nix;
diff --git a/tests/services-dnscrypt-proxy.nix b/tests/services-dnscrypt-proxy.nix
new file mode 100644
index 000000000..23c1ba233
--- /dev/null
+++ b/tests/services-dnscrypt-proxy.nix
@@ -0,0 +1,22 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+
+let
+ dnscrypt-proxy = pkgs.runCommand "dnscrypt-proxy-0.0.0" { } "mkdir $out";
+in
+{
+ services.dnscrypt-proxy.enable = true;
+ services.dnscrypt-proxy.package = dnscrypt-proxy;
+
+ test = ''
+ echo >&2 "checking dnscrypt-proxy service in /Library/LaunchDaemons"
+ grep "org.nixos.dnscrypt-proxy" ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
+ grep "${dnscrypt-proxy}/bin/dnscrypt-proxy" ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
+
+ # wait4path is very important, because we need `/nix/store` before run this services
+ grep "/bin/wait4path" ${config.out}/Library/LaunchDaemons/org.nixos.dnscrypt-proxy.plist
+ '';
+}