mirror of
https://codeberg.org/privacy1st/nix-git
synced 2025-01-23 06:45:43 +01:00
fix: working encrypted dns in restricted networks
parent
b4d85c519d
commit
28959d7c3c
@ -46,6 +46,7 @@
|
||||
../../modules/firefox.nix
|
||||
../../modules/thunderbird.nix
|
||||
../../modules/tor-browser.nix
|
||||
../../modules/tor.nix
|
||||
#../../modules/digikam-rawtherapee-hugin-gimp.nix
|
||||
../../modules/freetube.nix
|
||||
../../modules/ghostwriter.nix
|
||||
|
@ -26,6 +26,13 @@
|
||||
#
|
||||
# Check if it is working
|
||||
# https://wiki.archlinux.org/title/Dnscrypt-proxy#Check_if_dnscrypt-proxy_is_working
|
||||
#
|
||||
# View generated config file:
|
||||
# cat "$(systemctl show -P FragmentPath dnscrypt-proxy2.service)" | grep 'ExecStart='
|
||||
# cat ....toml
|
||||
|
||||
# Example: Running c in a container and routhing dnscrypt-proxy queries through it
|
||||
# https://github.com/AtaraxiaSjel/nixos-config/blob/3510d178bafeb5d742806d25d5c6c34570c498e8/profiles/workspace/proxy.nix
|
||||
|
||||
# TODO
|
||||
# create new config option
|
||||
@ -35,10 +42,6 @@
|
||||
# don't use adguard and ffmuc DNS servers
|
||||
# Firefox use system DNS
|
||||
|
||||
# TODO Does not work on some WiFi netowrks, e.g. Fritz!Box Guest WiFi
|
||||
# https://docs.pi-hole.net/routers/fritzbox/
|
||||
# The Fritz!Box always sets its own IP as DNS server for the guest network.
|
||||
|
||||
networking.nameservers = [
|
||||
# IPv4
|
||||
"127.0.0.1"
|
||||
@ -67,9 +70,6 @@
|
||||
enable = true;
|
||||
settings = {
|
||||
#listen_addresses = ['127.0.0.1:53'];
|
||||
# This can be useful if you need to route everything through Tor.
|
||||
# Otherwise, leave this to `false`.
|
||||
force_tcp = false;
|
||||
# Enable a DNS cache to reduce latency and outgoing traffic
|
||||
cache = true;
|
||||
# DNSCrypt: Create a new, unique key for every single DNS query.
|
||||
@ -214,6 +214,29 @@
|
||||
# Skip resolvers incompatible with anonymization instead of using them directly.
|
||||
skip_incompatible = true;
|
||||
};
|
||||
};
|
||||
|
||||
# As this dict is converted to JSON, we can't use `proxy = lib.mkIf (...) "socks5://127.0.0.1:9050"` inside it - it won't be evaluated.
|
||||
# Instead, we merge it with another dict below:
|
||||
} // (
|
||||
# On some networks dnscrypt-proxy can't resove DNS queries.
|
||||
#
|
||||
# Example: Fritz!Box Guest WiFi
|
||||
# https://docs.pi-hole.net/routers/fritzbox/
|
||||
# The Fritz!Box always sets its own IP as DNS server for the guest network.
|
||||
#
|
||||
# Solution: Proxy dnscrypt-proxy through Tor
|
||||
# - Currently, we have this enabled.
|
||||
# - The latency of DNS queries is higher than without Tor - at about 130ms.
|
||||
|
||||
if config.services.tor.torsocks.enable
|
||||
then {
|
||||
# Route all TCP connections to a local Tor node.
|
||||
# As Tor doesn't support UDP, `force_tcp` has to be set to `true`.
|
||||
proxy = "socks5://127.0.0.1:9050";
|
||||
# This can be useful if you need to route everything through Tor.
|
||||
# Otherwise, leave this to `false`.
|
||||
force_tcp = true;
|
||||
} else {}
|
||||
);
|
||||
};
|
||||
}
|
||||
|
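Review bot: The Tor branch in the last hunk is gated on `config.services.tor.torsocks.enable`, but `proxy = "socks5://127.0.0.1:9050"` depends on a running Tor client with a SOCKS listener on that address, not on the torsocks wrapper. If the two options ever diverge, dnscrypt-proxy is left pointing at a closed port and, as far as this hunk shows, every lookup fails. Gating on `config.services.tor.enable && config.services.tor.client.enable` would state the real dependency; tor.nix is not visible here, so confirm it keeps the SOCKS listener on port 9050. The comment copied above `force_tcp = true` still reads "Otherwise, leave this to `false`", which contradicts the line it documents and can be dropped, since the sentence about Tor not supporting UDP already explains the setting. A short comment such as `# DNS fails closed while Tor is unreachable; no direct fallback is configured here` would record the availability trade-off for the next reader.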