pyrox.dev
dnscrypt-proxy service: cosmetic enhancements
+8
-1
nixos/modules/services/networking/dnscrypt-proxy.nix
+8
-1
nixos/modules/services/networking/dnscrypt-proxy.nix
···
5
5
apparmorEnabled = config.security.apparmor.enable;
6
6
dnscrypt-proxy = pkgs.dnscrypt-proxy;
7
7
cfg = config.services.dnscrypt-proxy;
8
+
8
9
resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv";
9
10
localAddress = "${cfg.localAddress}:${toString cfg.localPort}";
11
+
10
12
daemonArgs =
11
13
[ "--local-address=${localAddress}"
12
14
(optionalString cfg.tcpOnly "--tcp-only")
13
15
(optionalString cfg.ephemeralKeys "-E")
14
16
]
15
17
++ resolverArgs;
18
+
16
19
resolverArgs = if (cfg.customResolver != null)
17
20
then
18
21
[ "--resolver-address=${cfg.customResolver.address}:${toString cfg.customResolver.port}"
···
50
53
services.dnsmasq.resolveLocalQueries = true; # this is the default
51
54
}
52
55
</programlisting>
53
-
''; };
56
+
''; };
54
57
localAddress = mkOption {
55
58
default = "127.0.0.1";
56
59
type = types.string;
···
187
190
188
191
systemd.services.dnscrypt-proxy = {
189
192
description = "dnscrypt-proxy daemon";
193
+
190
194
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
191
195
requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
196
+
192
197
serviceConfig = {
193
198
Type = "simple";
194
199
NonBlocking = "true";
195
200
ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
201
+
196
202
User = "dnscrypt-proxy";
197
203
Group = "dnscrypt-proxy";
204
+
198
205
PrivateTmp = true;
199
206
PrivateDevices = true;
200
207
};