Skip to content

Dnscrypt wrapper

services.dnscrypt-wrapper.address

The DNSCrypt wrapper will bind to this IP address.

Type: string

Default

"127.0.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.enable

Whether to enable DNSCrypt wrapper. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.keys.checkInterval

The time interval (in minutes) between key expiration checks.

Type: signed integer

Default

1440

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.keys.expiration

The duration (in days) of the time-limited secret key. This will be automatically rotated before expiration.

Type: signed integer

Default

30

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.port

The DNSCrypt wrapper will listen for DNS queries on this port.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

5353

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.providerKey.public

The filepath to the provider public key. If not given a new provider key pair will be generated on the first run.

Type: null or path

Default

null

Example

"/etc/secrets/public.key"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.providerKey.secret

The filepath to the provider secret key. If not given a new provider key pair will be generated on the first run.

Type: null or path

Default

null

Example

"/etc/secrets/secret.key"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.providerName

The name that will be given to this DNSCrypt resolver. Note: the resolver name must start with 2.dnscrypt-cert..

Type: string

Default

"2.dnscrypt-cert.${config.networking.hostName}"

Example

"2.dnscrypt-cert.myresolver"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.upstream.address

The IP address of the upstream DNS server DNSCrypt will "wrap".

Type: string

Default

"127.0.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix

services.dnscrypt-wrapper.upstream.port

The port of the upstream DNS server DNSCrypt will "wrap".

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

53

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/dnscrypt-wrapper.nix