diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 498ee0fa00a..35c10d3e593 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -370,6 +370,13 @@
unbound-control without passing a custom configuration location.
+
+
+ The services.dnscrypt-proxy2 module now takes the upstream's example configuration and updates it with the user's settings.
+
+ An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
+
+
NixOS now defaults to the unified cgroup hierarchy (cgroupsv2).
diff --git a/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixos/modules/services/networking/dnscrypt-proxy2.nix
index dda61212216..ff8a2ab3077 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy2.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy2.nix
@@ -27,6 +27,16 @@ in
default = {};
};
+ upstreamDefaults = mkOption {
+ description = ''
+ Whether to base the config declared in services.dnscrypt-proxy2.settings on the upstream example config ()
+
+ Disable this if you want to declare your dnscrypt config from scratch.
+ '';
+ type = types.bool;
+ default = true;
+ };
+
configFile = mkOption {
description = ''
Path to TOML config file. See:
@@ -38,7 +48,13 @@ in
json = builtins.toJSON cfg.settings;
passAsFile = [ "json" ];
} ''
- ${pkgs.remarshal}/bin/json2toml < $jsonPath > $out
+ ${if cfg.upstreamDefaults then ''
+ ${pkgs.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy2.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json
+ ${pkgs.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two
+ '' else ''
+ cp $jsonPath config.json
+ ''}
+ ${pkgs.remarshal}/bin/json2toml < config.json > $out
'';
defaultText = literalExample "TOML file generated from services.dnscrypt-proxy2.settings";
};