···
cfg = config.services.dnscrypt-proxy;
uid = config.ids.uids.dnscrypt-proxy;
11
-
"--user=dnscrypt-proxy"
10
+
[ "--user=dnscrypt-proxy"
"--local-address=${cfg.localAddress}:${toString cfg.port}"
(optionalString cfg.tcpOnly "--tcp-only")
"--resolvers-list=${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv"
···
${dnscrypt-proxy}/share/dnscrypt-proxy/** r,
${pkgs.gcc.cc}/lib/libssp.so.* mr,
${pkgs.libsodium}/lib/libsodium.so.* mr,
116
+
${pkgs.systemd}/lib/libsystemd.so.* mr,
117
+
${pkgs.xz}/lib/liblzma.so.* mr,
118
+
${pkgs.libgcrypt}/lib/libgcrypt.so.* mr,
119
+
${pkgs.libgpgerror}/lib/libgpg-error.so.* mr,
···
134
+
## derived from upstream dnscrypt-proxy.socket
135
+
systemd.sockets.dnscrypt-proxy = {
136
+
description = "dnscrypt-proxy listening socket";
139
+
ListenStream = "${cfg.localAddress}:${toString cfg.port}";
140
+
ListenDatagram = "${cfg.localAddress}:${toString cfg.port}";
143
+
wantedBy = [ "sockets.target" ];
146
+
# derived from upstream dnscrypt-proxy.service
systemd.services.dnscrypt-proxy = {
description = "dnscrypt-proxy daemon";
after = [ "network.target" ] ++ optional apparmorEnabled "apparmor.service";
134
-
requires = mkIf apparmorEnabled [ "apparmor.service" ];
135
-
wantedBy = [ "multi-user.target" ];
150
+
requires = [ "dnscrypt-proxy.socket "] ++ optional apparmorEnabled "apparmor.service";
153
+
## note: NonBlocking is required for socket activation to work
154
+
NonBlocking = "true";
ExecStart = "${dnscrypt-proxy}/bin/dnscrypt-proxy ${toString daemonArgs}";
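Review bot: The new `requires` line writes the socket unit as `"dnscrypt-proxy.socket "`, with a space before the closing quote, so the literal does not match the name of the `systemd.sockets.dnscrypt-proxy` unit added above it. systemd probably tolerates the extra whitespace once the list is joined into a `Requires=` line, but anything that compares unit names exactly would miss it. Because the same change removes `wantedBy = [ "multi-user.target" ]`, this dependency is what ties the daemon to its socket, so it should be spelled exactly: `requires = [ "dnscrypt-proxy.socket" ] ++ optional apparmorEnabled "apparmor.service";`. The socket and service attribute sets are only partly visible here, so the rest of `serviceConfig` was not reviewed.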