summaryrefslogtreecommitdiff
path: root/network/dnscrypt-wrapper/dnscrypt-wrapper.default
diff options
context:
space:
mode:
Diffstat (limited to 'network/dnscrypt-wrapper/dnscrypt-wrapper.default')
-rw-r--r--network/dnscrypt-wrapper/dnscrypt-wrapper.default70
1 files changed, 70 insertions, 0 deletions
diff --git a/network/dnscrypt-wrapper/dnscrypt-wrapper.default b/network/dnscrypt-wrapper/dnscrypt-wrapper.default
new file mode 100644
index 0000000000..4d97d997d2
--- /dev/null
+++ b/network/dnscrypt-wrapper/dnscrypt-wrapper.default
@@ -0,0 +1,70 @@
+# /etc/default/dnscrypt-wrapper
+
+# This file contains the configuration settings for dnscrypt-wrapper. In the
+# unusual event that you may wish to run multiple instances on the same
+# machine, this file supports configuring and running multiple instances (see
+# the bottom of this file for a sample secondary configuration).
+
+# CHROOTDIR should be the same path as the USER's home directory.
+# For the standard dnscrypt user this should be "/run/dnscrypt". For nobody,
+# this should be "/".
+CHROOTDIR[0]="/run/dnscrypt"
+#CHROOTDIR[0]="/"
+
+# The address and (optional) port to listen on. The default port is 53.
+LISTENADDRESS[0]="0.0.0.0:53"
+
+# The pid file for this instance. PIDFILE must always be specified for each
+# instance!
+PIDFILE[0]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-0.pid"
+
+# Runs the daemon as the following user and chroots to that user's home
+# directory (this is a security feature -- it is best not to change this!)
+USER[0]="dnscrypt"
+#USER[0]="nobody"
+
+# If DNSCRYPTDIR is set, it will look for files crypt_public.key,
+# crypt_secret.key, public.key, and secret.key in the specified directory.
+# CRYPTPUBLICKEYFILE, CRYPTSECRETKEYFILE, PROVIDERPUBLICKEYFILE and
+# PROVIDERSECRETKEYFILE will be ignored.
+DNSCRYPTDIR[0]="/var/lib/dnscrypt-wrapper"
+
+# Or, if DNSCRYPTDIR is unset, you can specify those files manually.
+#CRYPTPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_public.key"
+#CRYPTSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/crypt_secret.key"
+#PROVIDERPUBLICKEYFILE[0]="/var/lib/dnscrypt-wrapper/public.key"
+#PROVIDERSECRETKEYFILE[0]="/var/lib/dnscrypt-wrapper/secret.key"
+
+# PROVIDERNAME is the fully qualified domain name that identifies the server.
+# For a LAN service the first example should work (you should replace hostname
+# with your actual hostname since it will be used by clients). For a public
+# service you should use a real domain like the second example.
+PROVIDERNAME[0]="2.dnscrypt-cert.hostname.localdomain"
+#PROVIDERNAME[0]="2.dnscrypt-cert.example.com"
+
+# PROVIDERCERTFILE is the location of the pre-signed certificate generated. If
+# you are running a public service, it may be desirable to omit this option and
+# instead store the generated pre-signed certificate (binary string) in a TXT
+# record for your provider name (set by PROVIDERNAME above) so that the
+# certificate will be provided by a nameserver instead of directly by
+# dnscrypt-wrapper. See /usr/doc/dnscrypt-wrapper-@VERSION@/README.md for more.
+PROVIDERCERTFILE[0]="/var/lib/dnscrypt-wrapper/dnscrypt.cert"
+
+# The address of the DNS resolver to use to forward requests. You will probably
+# want to change this! If you run your own nameserver (or forwarder) you should
+# point it there. You may wish to use the nameserver from /etc/resolv.conf.
+RESOLVERADDRESS[0]="8.8.8.8:53"
+
+# Where to log.
+LOGFILE[0]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper.log"
+
+# A simple example configuration for a second instance
+#CHROOTDIR[1]="/run/dnscrypt"
+#LISTENADDRESS[1]="0.0.0.0:5353"
+#PIDFILE[1]="/var/run/dnscrypt-wrapper/dnscrypt-wrapper-1.pid"
+#USER[1]="dnscrypt"
+#DNSCRYPTDIR[1]="/var/lib/dnscrypt-wrapper/1"
+#PROVIDERNAME[1]="2.dnscrypt-cert.hostname.localdomain"
+#PROVIDERCERTFILE[1]="/var/lib/dnscrypt-wrapper/1/dnscrypt.cert"
+#RESOLVERADDRESS[1]="8.8.8.8:53"
+#LOGFILE[1]="/var/log/dnscrypt-wrapper/dnscrypt-wrapper-1.log"