+++ /dev/null
-;; Copyright (c) 2022-2024 Jakub Czajka <jakub@ekhem.eu.org>
-;; License: GPL-3.0 or later.
-;;
-;; dns.scm - package for DNSCrypt.
-
-(define-module (conf system dns)
- #:use-module (gnu packages)
- #:use-module (gnu packages golang-build)
- #:use-module (gnu services)
- #:use-module (gnu services shepherd)
- #:use-module (guix build-system go)
- #:use-module (guix gexp)
- #:use-module (guix git-download)
- #:use-module (guix licenses)
- #:use-module (guix packages)
- #:use-module (guix records)
- #:use-module (guix utils)
- #:use-module (ice-9 match)
- #:export (dnscrypt-proxy
- dnscrypt-proxy-configuration
- dnscrypt-proxy-configuration?
- dnscrypt-proxy-xresources
- dnscrypt-proxy-service
- dnscrypt-proxy-service-type))
-
-(define-public dnscrypt-proxy
- (package
- (name "dnscrypt-proxy")
- (version "2.0.42")
- (source
- (origin
- (method git-fetch)
- (uri
- (git-reference
- (url "https://github.com/DNSCrypt/dnscrypt-proxy.git")
- (commit version)))
- (file-name
- (git-file-name name
- version))
- (sha256
- (base32
- "1v4n0pkwcilxm4mnj4fsd4gf8pficjj40jnmfkiwl7ngznjxwkyw"))))
- (build-system go-build-system)
- (arguments
- `(#:import-path "github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy"
- #:unpack-path "github.com/DNSCrypt/dnscrypt-proxy"
- #:install-source? #f))
- (inputs
- `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
- ("go-golang-org-x-net" ,go-golang-org-x-net)
- ("go-golang-org-x-sys" ,go-golang-org-x-sys)
- ("go-golang-org-x-text" ,go-golang-org-x-text)))
- (home-page "https://dnscrypt.info")
- (synopsis "Secure and flexible DNS proxy")
- (description "@command{dnscrypt-proxy} is a flexible DNS proxy, with
-support for modern encrypted DNS protocols such as DNSCrypt v2 and
-DNS-over-HTTPS.")
- (license isc)))
-
-(define-record-type* <dnscrypt-proxy-configuration>
- dnscrypt-proxy-configuration make-dnscrypt-proxy-configuration
- dnscrypt-proxy-configuration?
- (package dnscrypt-proxy-configuration-package
- (default dnscrypt-proxy))
- (config-file dnscrypt-proxy-configuration-config-file
- (default (string-concatenate
- (list (getenv "GUIX_PACKAGE_PATH")
- "/dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml")))))
-
-(define dnscrypt-proxy-shepherd-service
- (match-lambda
- (($ <dnscrypt-proxy-configuration> package config-file)
- (shepherd-service
- (provision '(dnscrypt-proxy dns))
- (start #~(make-forkexec-constructor
- (list #$(file-append package "/bin/dnscrypt-proxy")
- "-config"
- "/etc/dnscrypt-proxy.toml")
- #:log-file
- "/var/log/dnscrypt-proxy.log"))
- (stop #~(make-kill-destructor))
- (documentation "Dnscrypt-proxy server.")))))
-
-(define (symlink-dnscrypt-proxy-dotfiles config)
- (list `("dnscrypt-proxy.toml"
- ,(local-file
- (dnscrypt-proxy-configuration-config-file config)))
- `("resolv.conf"
- ,(local-file (string-concatenate
- (list (getenv "GUIX_PACKAGE_PATH")
- "/dns/etc/resolv.conf"))))))
-
-(define dnscrypt-proxy-service-type
- (service-type
- (name 'dnscrypt-proxy)
- (extensions
- (list (service-extension shepherd-root-service-type
- (compose list dnscrypt-proxy-shepherd-service))
- (service-extension etc-service-type
- symlink-dnscrypt-proxy-dotfiles)))
- (default-value (dnscrypt-proxy-configuration))
- (description "Shepherd service which runs the `dnscrypt-proxy` server.")))
-
-(define dnscrypt-proxy-service
- (service dnscrypt-proxy-service-type))
+++ /dev/null
-# Copyright (c) 2022-2024 Jakub Czajka <jakub@ekhem.eu.org>
-# License: GPL-3.0 or later.
-#
-# dnscrypt-proxy configuration file.
-# Sources:
-# https://github.com/DNSCrypt/dnscrypt-proxy/wiki
-# https://hispagatos.org/post/dnscrypt-proxy-arch-tut
-
-# Must be declared in [static].
-server_names = ['dnscrypt.eu-nl', 'dnscrypt.uk-ipv4', 'ffmuc.net', 'meganerd', 'publicarray-au-doh', 'scaleway-ams', 'scaleway-fr', 'v.dnscrypt.uk-ipv4']
-
-#
-listen_addresses = ['127.0.0.1:53']
-
-# Use servers reachable over IPv4.
-ipv4_servers = true
-
-# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6
-# connectivity.
-ipv6_servers = false
-block_ipv6 = false
-
-# Use servers implementing the DNSCrypt protocol.
-dnscrypt_servers = true
-
-# Use servers implementing the DNS-over-HTTPS protocol.
-doh_servers = true
-
-# Do not use servers implementing the Oblivious DNS-over-HTTPS protocol.
-#odoh_servers = false
-
-# Server must support DNS security extensions (DNSSEC).
-require_dnssec = false
-
-# Server must not log user queries (declarative).
-require_nolog = true
-
-# Server must not enforce its own blacklist (for parental control, ads
-# blocking...).
-require_nofilter = true
-
-# Set log to syslog.
-use_syslog = true
-
-# Response for blocked queries.
-blocked_query_response = 'refused'
-
-# Fallback and netprobe addresses.
-fallback_resolvers = ['91.239.100.100:53']
-netprobe_address = '91.239.100.100:53'
-
-# Cache DNS responses.
-cache = true
-
-# Create new & unique key for every single DNS query
-dnscrypt_ephemeral_keys = true
-
-# List of resolvers:
-# https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
-[static]
-
- [sources.'public-resolvers']
- urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md']
- cache_file = '/etc/dnscrypt-proxy/public-resolvers.md'
- minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
- refresh_delay = 72
- prefix = ''
-;; Copyright (c) 2022-2024 Jakub Czajka <jakub@ekhem.eu.org>
+;; Copyright (c) 2022-2025 Jakub Czajka <jakub@ekhem.eu.org>
;; License: GPL-3.0 or later.
;;
;; system.scm - system configuration for GNU Guix.
(use-modules (conf system bluetooth)
(conf system desktop)
- (conf system dns)
(conf system volume)
(gnu)
+ (gnu services networking)
(gnu services xorg)
(gnu system nss))
(use-system-modules setuid)
+(define etc-files
+ (list `("resolv.conf"
+ ,(local-file
+ (string-concatenate
+ (list (getenv "GUIX_PACKAGE_PATH")
+ "/dns/etc/resolv.conf"))))))
+
(operating-system
(kernel linux-libre)
(keyboard-layout
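Review bot: `etc-files` builds its path from `(getenv "GUIX_PACKAGE_PATH")` without checking the result, so if the variable is unset when the system is built (which can happen when the environment is reset for a privileged reconfigure), `getenv` returns `#f` and `string-concatenate` fails with a type error. If the variable holds several colon-separated entries, the concatenated string does not name a file at all. Because this file decides which resolver the whole system uses, its location should not depend on the caller's environment. Either fail early with a clear message, `(or (getenv "GUIX_PACKAGE_PATH") (error "GUIX_PACKAGE_PATH is unset"))`, or give `local-file` a path relative to system.scm, since it resolves relative names against the source file. The repository layout is not visible here, so the relative path would need checking.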
(services
(append
(list bluez-service
- dnscrypt-proxy-service
+ (simple-service 'resolv
+ etc-service-type
+ etc-files)
keyboard-layout-service)
(modify-services %desktop-services
(gdm-service-type config =>
(gdm-configuration
(inherit config)
- (wayland? #f)))))))
+ (wayland? #f)))
+ (network-manager-service-type config =>
+ (network-manager-configuration
+ (inherit config)
+ (dns "none")))))))
+
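Review bot: With `(dns "none")` NetworkManager no longer manages resolv.conf, and the same commit drops `dnscrypt-proxy-service`, so name resolution now depends entirely on the static `dns/etc/resolv.conf`, whose contents are not part of this diff. If that file still lists `127.0.0.1`, the address the removed proxy listened on, nothing will answer on port 53. If it lists an upstream resolver, queries presumably leave the machine as plain DNS, without the encrypted transport and `require_nolog` selection the deleted dnscrypt-proxy.toml configured. I would add a comment above the `network-manager-service-type` clause stating the intent, for example `;; resolv.conf is static (see etc-files); NetworkManager must not overwrite it.`, and confirm the resolver listed there is the intended one. The `operating-system` form starts and continues outside this hunk.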