From 581397ef92214baf216827576c85f2051374a108 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <git@depasquale.giugl.io>
Date: Tue, 27 Jun 2023 05:15:39 +0200
Subject: [PATCH] dns: re-enable dnscrypt-proxy

---
 hosts/architect/dns.nix | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index 801cbae..b1e4004 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -40,7 +40,7 @@ in
     adguardhome = {
       enable = true;
       settings = {
-        bind_port = 5353;
+        bind_port = 5354;
         dns = {
           port = 5300;
         };
@@ -50,5 +50,26 @@ in
         ];
       };
     };
+
+    dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        listen_addresses = [ "127.0.0.1:5353" ];
+        ipv4_servers = true;
+        ipv6_servers = false;
+        block_ipv6 = true;
+        dnscrypt_servers = true;
+        doh_servers = true;
+        require_nolog = true;
+        require_nofilter = true;
+        timeout = 350;
+        lb_strategy = "p4";
+        lb_estimator = true;
+        ignore_system_dns = true;
+        fallback_resolvers = [ "1.1.1.1:53" "9.9.9.9:53" ];
+        cache_min_ttl = 60;
+        cache_max_ttl = 360;
+      };
+    };
   };
 }