From 0a3bcc27ad9d18822e6e34b4ce0003d1a52faf5c Mon Sep 17 00:00:00 2001
From: coolneng
Date: Thu, 27 Jul 2023 01:14:36 +0200
Subject: [PATCH] Set up Encrypted DNS resolver
---
 modules/networking.nix | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/modules/networking.nix b/modules/networking.nix
index 076b37d..991ba0f 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -112,7 +112,7 @@ in {
 listen-address = [ "127.0.0.1" "192.168.13.2" "10.8.0.1" ];
 bind-interfaces = true;
- server = [ "51.158.108.203" "137.220.55.93" ];
+ server = [ "127.0.0.1#43" ];
 cache-size = 10000;
 local-ttl = 300;
@@ -123,4 +123,22 @@ in {
 };
 };
+ # Encrypted DNS
+ services.dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ ipv6_servers = false;
+ require_dnssec = true;
+ listen_addresses = [ "127.0.0.1:43" ];
+ sources.public-resolvers = {
+ urls = [
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+ minisign_key =
+ "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+ };
+ };
+
 }
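Review bot: In the first hunk, `server = [ "127.0.0.1#43" ];` keeps DNS encrypted only if dnsmasq has no other upstream source, and nothing visible there sets `no-resolv = true;`. If it is not set elsewhere in the settings block, dnsmasq may still read nameservers from a resolv file and forward queries to them in plaintext. I would add `no-resolv = true;` next to `server`, with a comment such as `# forward only to the local dnscrypt-proxy; no plaintext fallback`. Port 43 is repeated in `listen_addresses` in the second hunk, so a shared `let` binding would stop the two values drifting apart. The dnsmasq settings block starts and ends outside the hunk.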
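Review bot: In the second hunk, `require_dnssec = true;` only restricts the resolver list to servers that advertise DNSSEC support. Validation is still done by the remote resolver, so a comment like `# selects DNSSEC-capable resolvers; does not validate locally` would prevent a misreading. No `server_names`, `require_nolog` or `require_nofilter` is set, so any listed resolver that advertises DNSSEC can be chosen, including ones that log or filter. The removed config, by contrast, used two fixed servers. Consider adding `require_nolog = true;` and `require_nofilter = true;`, or pinning `server_names` to resolvers you have chosen.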