commit 4001917359db57b75662581e55d33e38fa60bc2d

pyrox.dev / nixpkgs

lol

fork atom

dnscrypt-proxy service: cosmetic enhancements

Joachim Fasting 10 years ago 40019173 9c274b4b

+8 -1

1 changed file

expand all

unified split

nixos

modules

services

networking

dnscrypt-proxy.nix

+8 -1

nixos/modules/services/networking/dnscrypt-proxy.nix

··· 5 apparmorEnabled = config.security.apparmor.enable; 6 dnscrypt-proxy = pkgs.dnscrypt-proxy; 7 cfg = config.services.dnscrypt-proxy; 8 resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"; 9 localAddress = "${cfg.localAddress}:${toString cfg.localPort}"; 10 daemonArgs = 11 [ "--local-address=${localAddress}" 12 (optionalString cfg.tcpOnly "--tcp-only") 13 (optionalString cfg.ephemeralKeys "-E") 14 ] 15 ++ resolverArgs; 16 resolverArgs = if (cfg.customResolver != null) 17 then 18 [ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}" ··· 50 services.dnsmasq.resolveLocalQueries = true; # this is the default 51 } 52 </programlisting> 53 - ''; }; 54 localAddress = mkOption { 55 default = "127.0.0.1"; 56 type = types.string; ··· 187 188 systemd.services.dnscrypt-proxy = { 189 description = "dnscrypt-proxy daemon"; 190 after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service"; 191 requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service"; 192 serviceConfig = { 193 Type = "simple"; 194 NonBlocking = "true"; 195 ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; 196 User = "dnscrypt-proxy"; 197 Group = "dnscrypt-proxy"; 198 PrivateTmp = true; 199 PrivateDevices = true; 200 };

··· 5 apparmorEnabled = config.security.apparmor.enable; 6 dnscrypt-proxy = pkgs.dnscrypt-proxy; 7 cfg = config.services.dnscrypt-proxy; 8 + 9 resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"; 10 localAddress = "${cfg.localAddress}:${toString cfg.localPort}"; 11 + 12 daemonArgs = 13 [ "--local-address=${localAddress}" 14 (optionalString cfg.tcpOnly "--tcp-only") 15 (optionalString cfg.ephemeralKeys "-E") 16 ] 17 ++ resolverArgs; 18 + 19 resolverArgs = if (cfg.customResolver != null) 20 then 21 [ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}" ··· 53 services.dnsmasq.resolveLocalQueries = true; # this is the default 54 } 55 </programlisting> 56 + ''; }; 57 localAddress = mkOption { 58 default = "127.0.0.1"; 59 type = types.string; ··· 190 191 systemd.services.dnscrypt-proxy = { 192 description = "dnscrypt-proxy daemon"; 193 + 194 after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service"; 195 requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service"; 196 + 197 serviceConfig = { 198 Type = "simple"; 199 NonBlocking = "true"; 200 ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}"; 201 + 202 User = "dnscrypt-proxy"; 203 Group = "dnscrypt-proxy"; 204 + 205 PrivateTmp = true; 206 PrivateDevices = true; 207 };