From e852e7b1c0d8a289d0ec9353744a8dec0eb19cd2 Mon Sep 17 00:00:00 2001
From: Jakub Czajka
Date: Sun, 30 Mar 2025 00:00:23 +0100
Subject: [PATCH] [system] Configure custom DNS.

---
 conf/system/dns.scm | 105 --------------------
 dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml | 67 -------------
 dns/etc/resolv.conf | 8 +-
 system.scm | 22 ++++-
 4 files changed, 21 insertions(+), 181 deletions(-)
 delete mode 100644 conf/system/dns.scm
 delete mode 100644 dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml

diff --git a/conf/system/dns.scm b/conf/system/dns.scm
deleted file mode 100644
index f910f32..0000000
--- a/conf/system/dns.scm
+++ /dev/null
@@ -1,105 +0,0 @@
-;; Copyright (c) 2022-2024 Jakub Czajka
-;; License: GPL-3.0 or later.
-;;
-;; dns.scm - package for DNSCrypt.
-
-(define-module (conf system dns)
- #:use-module (gnu packages)
- #:use-module (gnu packages golang-build)
- #:use-module (gnu services)
- #:use-module (gnu services shepherd)
- #:use-module (guix build-system go)
- #:use-module (guix gexp)
- #:use-module (guix git-download)
- #:use-module (guix licenses)
- #:use-module (guix packages)
- #:use-module (guix records)
- #:use-module (guix utils)
- #:use-module (ice-9 match)
- #:export (dnscrypt-proxy
- dnscrypt-proxy-configuration
- dnscrypt-proxy-configuration?
- dnscrypt-proxy-xresources
- dnscrypt-proxy-service
- dnscrypt-proxy-service-type))
-
-(define-public dnscrypt-proxy
- (package
- (name "dnscrypt-proxy")
- (version "2.0.42")
- (source
- (origin
- (method git-fetch)
- (uri
- (git-reference
- (url "https://github.com/DNSCrypt/dnscrypt-proxy.git")
- (commit version)))
- (file-name
- (git-file-name name
- version))
- (sha256
- (base32
- "1v4n0pkwcilxm4mnj4fsd4gf8pficjj40jnmfkiwl7ngznjxwkyw"))))
- (build-system go-build-system)
- (arguments
- `(#:import-path "github.com/DNSCrypt/dnscrypt-proxy/dnscrypt-proxy"
- #:unpack-path "github.com/DNSCrypt/dnscrypt-proxy"
- #:install-source? #f))
- (inputs
- `(("go-golang-org-x-crypto" ,go-golang-org-x-crypto)
- ("go-golang-org-x-net" ,go-golang-org-x-net)
- ("go-golang-org-x-sys" ,go-golang-org-x-sys)
- ("go-golang-org-x-text" ,go-golang-org-x-text)))
- (home-page "https://dnscrypt.info")
- (synopsis "Secure and flexible DNS proxy")
- (description "@command{dnscrypt-proxy} is a flexible DNS proxy, with
-support for modern encrypted DNS protocols such as DNSCrypt v2 and
-DNS-over-HTTPS.")
- (license isc)))
-
-(define-record-type*
- dnscrypt-proxy-configuration make-dnscrypt-proxy-configuration
- dnscrypt-proxy-configuration?
- (package dnscrypt-proxy-configuration-package
- (default dnscrypt-proxy))
- (config-file dnscrypt-proxy-configuration-config-file
- (default (string-concatenate
- (list (getenv "GUIX_PACKAGE_PATH")
- "/dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml")))))
-
-(define dnscrypt-proxy-shepherd-service
- (match-lambda
- (($ package config-file)
- (shepherd-service
- (provision '(dnscrypt-proxy dns))
- (start #~(make-forkexec-constructor
- (list #$(file-append package "/bin/dnscrypt-proxy")
- "-config"
- "/etc/dnscrypt-proxy.toml")
- #:log-file
- "/var/log/dnscrypt-proxy.log"))
- (stop #~(make-kill-destructor))
- (documentation "Dnscrypt-proxy server.")))))
-
-(define (symlink-dnscrypt-proxy-dotfiles config)
- (list `("dnscrypt-proxy.toml"
- ,(local-file
- (dnscrypt-proxy-configuration-config-file config)))
- `("resolv.conf"
- ,(local-file (string-concatenate
- (list (getenv "GUIX_PACKAGE_PATH")
- "/dns/etc/resolv.conf"))))))
-
-(define dnscrypt-proxy-service-type
- (service-type
- (name 'dnscrypt-proxy)
- (extensions
- (list (service-extension shepherd-root-service-type
- (compose list dnscrypt-proxy-shepherd-service))
- (service-extension etc-service-type
- symlink-dnscrypt-proxy-dotfiles)))
- (default-value (dnscrypt-proxy-configuration))
- (description "Shepherd service which runs the `dnscrypt-proxy` server.")))
-
-(define dnscrypt-proxy-service
- (service dnscrypt-proxy-service-type))
diff --git a/dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml b/dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml
deleted file mode 100644
index ea56583..0000000
--- a/dns/etc/dnscrypt-proxy/dnscrypt-proxy.toml
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright (c) 2022-2024 Jakub Czajka
-# License: GPL-3.0 or later.
-#
-# dnscrypt-proxy configuration file.
-# Sources:
-# https://github.com/DNSCrypt/dnscrypt-proxy/wiki
-# https://hispagatos.org/post/dnscrypt-proxy-arch-tut
-
-# Must be declared in [static].
-server_names = ['dnscrypt.eu-nl', 'dnscrypt.uk-ipv4', 'ffmuc.net', 'meganerd', 'publicarray-au-doh', 'scaleway-ams', 'scaleway-fr', 'v.dnscrypt.uk-ipv4']
-
-#
-listen_addresses = ['127.0.0.1:53']
-
-# Use servers reachable over IPv4.
-ipv4_servers = true
-
-# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6
-# connectivity.
-ipv6_servers = false
-block_ipv6 = false
-
-# Use servers implementing the DNSCrypt protocol.
-dnscrypt_servers = true
-
-# Use servers implementing the DNS-over-HTTPS protocol.
-doh_servers = true
-
-# Do not use servers implementing the Oblivious DNS-over-HTTPS protocol.
-#odoh_servers = false
-
-# Server must support DNS security extensions (DNSSEC).
-require_dnssec = false
-
-# Server must not log user queries (declarative).
-require_nolog = true
-
-# Server must not enforce its own blacklist (for parental control, ads
-# blocking...).
-require_nofilter = true
-
-# Set log to syslog.
-use_syslog = true
-
-# Response for blocked queries.
-blocked_query_response = 'refused'
-
-# Fallback and netprobe addresses.
-fallback_resolvers = ['91.239.100.100:53']
-netprobe_address = '91.239.100.100:53'
-
-# Cache DNS responses.
-cache = true - -# Create new & unique key for every single DNS query -dnscrypt_ephemeral_keys = true - -# List of resolvers: -# https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md -[static] - - [sources.'public-resolvers'] - urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md'] - cache_file = '/etc/dnscrypt-proxy/public-resolvers.md' - minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3' - refresh_delay = 72 - prefix = '' diff --git a/dns/etc/resolv.conf b/dns/etc/resolv.conf index 5529e33..6e24dd9 100644 --- a/dns/etc/resolv.conf +++ b/dns/etc/resolv.conf @@ -1,6 +1,4 @@ -# Copyright (c) 2022-2024 Jakub Czajka +# Copyright (c) 2022-2025 Jakub Czajka # License: GPL-3.0 or later. -# -# Use dnscrypt-proxy -nameserver 127.0.0.1 -options edns0 + +nameserver 54.37.233.90 diff --git a/system.scm b/system.scm index 43f0b52..d0814d7 100644 --- a/system.scm +++ b/system.scm @@ -1,13 +1,13 @@ -;; Copyright (c) 2022-2024 Jakub Czajka +;; Copyright (c) 2022-2025 Jakub Czajka ;; License: GPL-3.0 or later. ;; ;; system.scm - system configuration for GNU Guix. (use-modules (conf system bluetooth) (conf system desktop) - (conf system dns) (conf system volume) (gnu) + (gnu services networking) (gnu services xorg) (gnu system nss)) @@ -21,6 +21,13 @@ (use-system-modules setuid) +(define etc-files + (list `("resolv.conf" + ,(local-file + (string-concatenate + (list (getenv "GUIX_PACKAGE_PATH") + "/dns/etc/resolv.conf")))))) + (operating-system (kernel linux-libre) (keyboard-layout 
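Review bot: The new `nameserver 54.37.233.90` line replaces the loopback dnscrypt-proxy listener with a single upstream queried in the clear on 53/udp, and the file no longer says which resolver this is or that the encryption the previous setup provided is gone; the old header at least carried `# Use dnscrypt-proxy`. A comment such as `# <resolver operator> -- plain DNS, queries are neither encrypted nor authenticated` keeps that trade-off visible to whoever reads /etc/resolv.conf later, and a second `nameserver <secondary-resolver-ip>` line would avoid losing name resolution entirely whenever that one host is unreachable. `options edns0` was dropped as well; if that was deliberate, a word in the commit message would help, since the commit subject only says "custom DNS".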
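Review bot: `etc-files` builds the resolv.conf path by `string-concatenate`-ing `(getenv "GUIX_PACKAGE_PATH")`, which returns `#f` when the variable is unset and, in Guix, may hold a colon-separated list of directories, so `guix system reconfigure` either fails on a non-string argument or looks for a path that does not exist. Since `local-file` resolves a relative file name against the directory of the source file it appears in, `(local-file "dns/etc/resolv.conf")` would remove the environment dependency entirely, assuming system.scm sits next to `dns/` as the deleted `conf/system/dns.scm` path suggests. The pattern was carried over from that deleted module rather than introduced here, but it now lives in the top-level configuration where the failure surfaces on every reconfigure.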
@@ -83,10 +90,17 @@
 (services
 (append
 (list bluez-service
- dnscrypt-proxy-service
+ (simple-service 'resolv
+ etc-service-type
+ etc-files)
 keyboard-layout-service)
 (modify-services %desktop-services
 (gdm-service-type config =>
 (gdm-configuration
 (inherit config)
- (wayland? #f)))))))
+ (wayland? #f)))
+ (network-manager-service-type config =>
+ (network-manager-configuration
+ (inherit config)
+ (dns "none")))))))
+
--
2.39.5
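Review bot: The new `(dns "none")` clause in the `network-manager-service-type` modification carries no explanation of why NetworkManager's DNS handling is switched off, although the reason is in the same hunk: the `'resolv` simple-service now installs `/etc/resolv.conf` through `etc-service-type`, and without this setting NetworkManager would presumably rewrite that file with the resolvers it learns from DHCP. A comment above the clause, `;; NetworkManager must not manage /etc/resolv.conf; the 'resolv service installs it.`, makes the coupling explicit for whoever later removes one half without the other. The hunk also adds an empty `+` line after the final closing parenthesis, leaving a stray blank line at the end of the file. The enclosing `operating-system` form starts outside the hunk.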