From dd71c99d0a9f0d17b8666d4f1546175f9ff59126 Mon Sep 17 00:00:00 2001
From: Danilo Reyes <CaptainJawZ@protonmail.com>
Date: Sat, 5 Oct 2024 15:56:56 -0600
Subject: [PATCH] dnscrypt-proxy2

---
 modules/services/network.nix | 37 +++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/modules/services/network.nix b/modules/services/network.nix
index 7f7fc09..022f64c 100644
--- a/modules/services/network.nix
+++ b/modules/services/network.nix
@@ -5,12 +5,47 @@
     networking = {
       enableIPv6 = true;
       firewall.enable = true;
-      networkmanager.enable = true;
+      dhcpcd.extraConfig = "nohook resolv.conf";
+      networkmanager = {
+        enable = true;
+        dns = "none";
+      };
       hosts = {
         "192.168.1.64" = [ "workstation" ];
         "192.168.1.69" = [ "server" ];
         "192.168.1.100" = [ "miniserver" ];
       };
     };
+    services.dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        ipv6_servers = true;
+        require_dnssec = true;
+        sources.public-resolvers = {
+          urls = [
+            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+          ];
+          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        };
+        server_names = [
+          "cloudflare"
+          "cloudflare-ipv6"
+          "cloudflare-security"
+          "cloudflare-security-ipv6"
+          "adguard-dns-doh"
+          "mullvad-adblock-doh"
+          "mullvad-doh"
+          "nextdns"
+          "nextdns-ipv6"
+          "quad9-dnscrypt-ipv4-filter-pri"
+          "ibksturm"
+        ];
+      };
+    };
+    systemd.services.dnscrypt-proxy2.serviceConfig = {
+      StateDirectory = "dnscrypt-proxy";
+    };
   };
 }