From b95b91c956698d82935d0097bb15d27075b8c014 Mon Sep 17 00:00:00 2001 From: andre4ik3 Date: Wed, 13 Aug 2025 08:31:17 +0000 Subject: [PATCH] nixos/dnscrypt-proxy: rename from dnscrypt-proxy2 Renames the `dnscrypt-proxy2` module (back) to `dnscrypt-proxy`, to match the package, which was renamed in 2023. The systemd service is also renamed to `dnscrypt-proxy`, but an alias to `dnscrypt-proxy2` is provided for backwards compatibility. --- .../manual/release-notes/rl-2511.section.md | 4 +++- nixos/modules/module-list.nix | 2 +- nixos/modules/rename.nix | 1 - ...dnscrypt-proxy2.nix => dnscrypt-proxy.nix} | 19 ++++++++++++------- nixos/tests/all-tests.nix | 2 +- ...dnscrypt-proxy2.nix => dnscrypt-proxy.nix} | 8 ++++---- nixos/tests/dnsdist.nix | 8 ++++---- pkgs/by-name/dn/dnscrypt-proxy/package.nix | 2 +- pkgs/by-name/dn/dnsmasq/package.nix | 2 +- 9 files changed, 27 insertions(+), 21 deletions(-) rename nixos/modules/services/networking/{dnscrypt-proxy2.nix => dnscrypt-proxy.nix} (87%) rename nixos/tests/{dnscrypt-proxy2.nix => dnscrypt-proxy.nix} (85%) diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md index ede6b54dbd7b..24ff0b6af6f2 100644 --- a/nixos/doc/manual/release-notes/rl-2511.section.md +++ b/nixos/doc/manual/release-notes/rl-2511.section.md @@ -186,7 +186,9 @@ - `services.dependency-track` removed its configuration of the JVM heap size. This lets the JVM choose its maximum heap size automatically, which should work much better in practice for most users. For deployments on systems with little RAM, it may now be necessary to manually configure a maximum heap size using {option}`services.dependency-track.javaArgs`. -- `services.dnscrypt-proxy2` gains a `package` option to specify dnscrypt-proxy package to use. +- `services.dnscrypt-proxy2` was renamed to `services.dnscrypt-proxy` to match the package name. The systemd service is now also `dnscrypt-proxy`, but the old name is still provided as an alias for backwards compatibility. + +- `services.dnscrypt-proxy` gains a `package` option to specify dnscrypt-proxy package to use. - `services.nextcloud.configureRedis` now defaults to `true` in accordance with upstream recommendations to have caching for file locking. See the [upstream doc](https://docs.nextcloud.com/server/31/admin_manual/configuration_files/files_locking_transactional.html) for further details. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 93a649314d6a..061fe8776b70 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1123,7 +1123,7 @@ ./services/networking/deconz.nix ./services/networking/dhcpcd.nix ./services/networking/dnscache.nix - ./services/networking/dnscrypt-proxy2.nix + ./services/networking/dnscrypt-proxy.nix ./services/networking/dnsdist.nix ./services/networking/dnsmasq.nix ./services/networking/dnsproxy.nix diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix index ef212ef7f4b6..ef91e5c2ac75 100644 --- a/nixos/modules/rename.nix +++ b/nixos/modules/rename.nix @@ -131,7 +131,6 @@ in "services" "deepin" ] "the Deepin desktop environment has been removed from nixpkgs due to lack of maintenance.") - (mkRemovedOptionModule [ "services" "dnscrypt-proxy" ] "Use services.dnscrypt-proxy2 instead") (mkRemovedOptionModule [ "services" "dnscrypt-wrapper" ] '' The dnscrypt-wrapper module was removed since the project has been effectively unmaintained since 2018; moreover the NixOS module had to rely on an abandoned version of dnscrypt-proxy v1 for the rotation of keys. diff --git a/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix similarity index 87% rename from nixos/modules/services/networking/dnscrypt-proxy2.nix rename to nixos/modules/services/networking/dnscrypt-proxy.nix index d305d8cb524b..4e87685fa4b2 100644 --- a/nixos/modules/services/networking/dnscrypt-proxy2.nix +++ b/nixos/modules/services/networking/dnscrypt-proxy.nix @@ -7,13 +7,17 @@ let - cfg = config.services.dnscrypt-proxy2; + cfg = config.services.dnscrypt-proxy; in { - options.services.dnscrypt-proxy2 = { - enable = lib.mkEnableOption "dnscrypt-proxy2"; + imports = [ + (lib.mkRenamedOptionModule [ "services" "dnscrypt-proxy2" ] [ "services" "dnscrypt-proxy" ]) + ]; + + options.services.dnscrypt-proxy = { + enable = lib.mkEnableOption "dnscrypt-proxy"; package = lib.mkPackageOption pkgs "dnscrypt-proxy" { }; @@ -38,7 +42,7 @@ in upstreamDefaults = lib.mkOption { description = '' - Whether to base the config declared in {option}`services.dnscrypt-proxy2.settings` on the upstream example config () + Whether to base the config declared in {option}`services.dnscrypt-proxy.settings` on the upstream example config () Disable this if you want to declare your dnscrypt config from scratch. ''; @@ -49,7 +53,7 @@ in configFile = lib.mkOption { description = '' Path to TOML config file. See: - If this option is set, it will override any configuration done in options.services.dnscrypt-proxy2.settings. + If this option is set, it will override any configuration done in options.services.dnscrypt-proxy.settings. ''; example = "/etc/dnscrypt-proxy/dnscrypt-proxy.toml"; type = lib.types.path; @@ -73,7 +77,7 @@ in } ${pkgs.buildPackages.remarshal}/bin/json2toml < config.json > $out ''; - defaultText = lib.literalMD "TOML file generated from {option}`services.dnscrypt-proxy2.settings`"; + defaultText = lib.literalMD "TOML file generated from {option}`services.dnscrypt-proxy.settings`"; }; }; @@ -81,7 +85,7 @@ in networking.nameservers = lib.mkDefault [ "127.0.0.1" ]; - systemd.services.dnscrypt-proxy2 = { + systemd.services.dnscrypt-proxy = { description = "DNSCrypt-proxy client"; wants = [ "network-online.target" @@ -93,6 +97,7 @@ in wantedBy = [ "multi-user.target" ]; + aliases = [ "dnscrypt-proxy2.service" ]; serviceConfig = { AmbientCapabilities = "CAP_NET_BIND_SERVICE"; CacheDirectory = "dnscrypt-proxy"; diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3c6f89dcb2ae..f342dd5aa21c 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -438,7 +438,7 @@ in imports = [ ./discourse.nix ]; _module.args.package = pkgs.discourseAllPlugins; }; - dnscrypt-proxy2 = runTestOn [ "x86_64-linux" ] ./dnscrypt-proxy2.nix; + dnscrypt-proxy = runTestOn [ "x86_64-linux" ] ./dnscrypt-proxy.nix; dnsdist = import ./dnsdist.nix { inherit pkgs runTest; }; doas = runTest ./doas.nix; docker = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./docker.nix; diff --git a/nixos/tests/dnscrypt-proxy2.nix b/nixos/tests/dnscrypt-proxy.nix similarity index 85% rename from nixos/tests/dnscrypt-proxy2.nix rename to nixos/tests/dnscrypt-proxy.nix index 125cd463b0fe..4728232eb5d9 100644 --- a/nixos/tests/dnscrypt-proxy2.nix +++ b/nixos/tests/dnscrypt-proxy.nix @@ -3,7 +3,7 @@ let localProxyPort = 43; in { - name = "dnscrypt-proxy2"; + name = "dnscrypt-proxy"; meta.maintainers = with lib.maintainers; [ joachifm ]; nodes = { @@ -14,8 +14,8 @@ in { security.apparmor.enable = true; - services.dnscrypt-proxy2.enable = true; - services.dnscrypt-proxy2.settings = { + services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy.settings = { listen_addresses = [ "127.0.0.1:${toString localProxyPort}" ]; sources.public-resolvers = { urls = [ "https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md" ]; @@ -32,7 +32,7 @@ in testScript = '' client.wait_for_unit("dnsmasq") - client.wait_for_unit("dnscrypt-proxy2") + client.wait_for_unit("dnscrypt-proxy") client.wait_until_succeeds("ss --numeric --udp --listening | grep -q ${toString localProxyPort}") ''; } diff --git a/nixos/tests/dnsdist.nix b/nixos/tests/dnsdist.nix index e345a6157ea0..25f7ed6ce126 100644 --- a/nixos/tests/dnsdist.nix +++ b/nixos/tests/dnsdist.nix @@ -72,9 +72,9 @@ in ]; nodes.client = { - services.dnscrypt-proxy2.enable = true; - services.dnscrypt-proxy2.upstreamDefaults = false; - services.dnscrypt-proxy2.settings = { + services.dnscrypt-proxy.enable = true; + services.dnscrypt-proxy.upstreamDefaults = false; + services.dnscrypt-proxy.settings = { server_names = [ "server" ]; listen_addresses = [ "[::1]:53" ]; cache = false; @@ -92,7 +92,7 @@ in almost_expiration = server.succeed("date --date '14min'").strip() with subtest("The DNSCrypt client can connect to the server"): - client.wait_until_succeeds("journalctl -u dnscrypt-proxy2 --grep '\\[server\\] OK'") + client.wait_until_succeeds("journalctl -u dnscrypt-proxy --grep '\\[server\\] OK'") with subtest("DNS queries over UDP are working"): client.wait_for_open_port(53) diff --git a/pkgs/by-name/dn/dnscrypt-proxy/package.nix b/pkgs/by-name/dn/dnscrypt-proxy/package.nix index d6ec537b4cbf..7a2bc3e4e860 100644 --- a/pkgs/by-name/dn/dnscrypt-proxy/package.nix +++ b/pkgs/by-name/dn/dnscrypt-proxy/package.nix @@ -20,7 +20,7 @@ buildGoModule rec { hash = "sha256-IFfhcirUGbp/pKFN/5aEpuIuhSR3ZS4K7TatBtaX5zg="; }; - passthru.tests = { inherit (nixosTests) dnscrypt-proxy2; }; + passthru.tests = { inherit (nixosTests) dnscrypt-proxy; }; meta = with lib; { description = "Tool that provides secure DNS resolution"; diff --git a/pkgs/by-name/dn/dnsmasq/package.nix b/pkgs/by-name/dn/dnsmasq/package.nix index e97483f04979..90dca5e23caf 100644 --- a/pkgs/by-name/dn/dnsmasq/package.nix +++ b/pkgs/by-name/dn/dnsmasq/package.nix @@ -103,7 +103,7 @@ stdenv.mkDerivation rec { prometheus-exporter = nixosTests.prometheus-exporters.dnsmasq; # these tests use dnsmasq incidentally - inherit (nixosTests) dnscrypt-proxy2; + inherit (nixosTests) dnscrypt-proxy; kubernetes-dns-single = nixosTests.kubernetes.dns-single-node; kubernetes-dns-multi = nixosTests.kubernetes.dns-multi-node; };