From f0d2dfac6b0b0a88f07ac519093be7420ed20fbc Mon Sep 17 00:00:00 2001
From: Himadri Bhattacharjee <107522312+lavafroth@users.noreply.github.com>
Date: Wed, 2 Oct 2024 09:12:43 +0530
Subject: [PATCH] refactor: dnscrypt-proxy config into module

---
 hosts/default/configuration.nix | 28 +---------------------------
 hosts/default/secure-dns.nix    | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 27 deletions(-)
 create mode 100644 hosts/default/secure-dns.nix

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 835afa5..ea2a2c7 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -8,6 +8,7 @@
       ./filesystem-hardening.nix
       ./phone-as-webcam.nix
       ./nvidia.nix
+      ./secure-dns.nix
     ];
 
   boot = {
@@ -34,33 +35,6 @@
   };
 
   services.fwupd.enable = true;
-  services.dnscrypt-proxy2 = {
-    enable = true;
-    settings = {
-      ipv6_servers = true;
-      require_dnssec = true;
-
-      sources.public-resolvers = {
-        urls = [
-          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
-          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
-        ];
-        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
-        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
-      };
-
-      # You can choose a specific set of servers from
-      # https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
-      server_names = [
-        "dnsforge.de"
-        "mullvad-adblock-doh"
-      ];
-    };
-  };
-
-  systemd.services.dnscrypt-proxy2.serviceConfig = {
-    StateDirectory = "dnscrypt-proxy";
-  };
 
   # Set your time zone.
   time.timeZone = "Asia/Kolkata";
diff --git a/hosts/default/secure-dns.nix b/hosts/default/secure-dns.nix
new file mode 100644
index 0000000..f48d581
--- /dev/null
+++ b/hosts/default/secure-dns.nix
@@ -0,0 +1,29 @@
+{
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+
+      # You can choose a specific set of servers from
+      # https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md
+      server_names = [
+        "dnsforge.de"
+        "mullvad-adblock-doh"
+      ];
+    };
+  };
+
+  systemd.services.dnscrypt-proxy2.serviceConfig = {
+    StateDirectory = "dnscrypt-proxy";
+  };
+}