movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 14:10:33 +03:00
Code Activity

dnscrypt-proxy service: expose option to use ephemeral keys

Browse source 
Some users may wish to improve their privacy by using per-query
key pairs, which makes it more difficult for upstream resolvers to
track users across IP addresses.
This commit is contained in:
Joachim Fasting 2016-03-17 14:34:56 +01:00
parent cdef1cdd38
commit 12877098cb
1 changed files with 12 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/networking/dnscrypt-proxy.nix
View file

@ -10,6 +10,7 @@ let
daemonArgs = daemonArgs =
[ "--local-address=${localAddress}" [ "--local-address=${localAddress}"
(optionalString cfg.tcpOnly "--tcp-only") (optionalString cfg.tcpOnly "--tcp-only")
(optionalString cfg.ephemeralKeys "-E")
] ]
++ resolverArgs; ++ resolverArgs;
resolverArgs = if (cfg.customResolver != null) resolverArgs = if (cfg.customResolver != null)
@ -116,6 +117,17 @@ in
TCP instead of UDP (on port 443). Use only if the UDP port is blocked. TCP instead of UDP (on port 443). Use only if the UDP port is blocked.
''; '';
}; };
ephemeralKeys = mkOption {
default = false;
type = types.bool;
description = ''
Compute a new key pair for every query. Enabling this option
increases CPU usage, but makes it more difficult for the upstream
resolver to track your usage of their service across IP addresses.
The default is to re-use the public key pair for all queries, making
tracking trivial.
'';
};
}; };
}; };