From e4c49db668f9142644677f6ae4a9ddc3979984b9 Mon Sep 17 00:00:00 2001
From: Atemu <atemu.main@gmail.com>
Date: Sat, 14 Mar 2020 14:42:52 +0100
Subject: [PATCH 1/2] nixos/dnscrypt-proxy2: base settings on example config

Dnscrypt-proxy needs some options to be set before it can do anything useful.

Currently, we only apply what the user configured which, by default, is nothing.

This leads to the dnscrypt-proxy2 service failing to start when you only set
`enable = true;` which is not a great user experience.

This patch makes the module take the example config from the upstream repo as a
base on top of which the user-specified settings are applied (it contains sane
defaults).

An option has been added to restore the old behaviour.
---
 .../services/networking/dnscrypt-proxy2.nix    | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/dnscrypt-proxy2.nix b/nixos/modules/services/networking/dnscrypt-proxy2.nix
index dda61212216..ff8a2ab3077 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy2.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy2.nix
@@ -27,6 +27,16 @@ in
       default = {};
     };
 
+    upstreamDefaults = mkOption {
+      description = ''
+        Whether to base the config declared in <literal>services.dnscrypt-proxy2.settings</literal> on the upstream example config (<link xlink:href="https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml"/>)
+
+        Disable this if you want to declare your dnscrypt config from scratch.
+      '';
+      type = types.bool;
+      default = true;
+    };
+
     configFile = mkOption {
       description = ''
         Path to TOML config file. See: <link xlink:href="https://github.com/DNSCrypt/dnscrypt-proxy/blob/master/dnscrypt-proxy/example-dnscrypt-proxy.toml"/>
@@ -38,7 +48,13 @@ in
         json = builtins.toJSON cfg.settings;
         passAsFile = [ "json" ];
       } ''
-        ${pkgs.remarshal}/bin/json2toml < $jsonPath > $out
+        ${if cfg.upstreamDefaults then ''
+          ${pkgs.remarshal}/bin/toml2json ${pkgs.dnscrypt-proxy2.src}/dnscrypt-proxy/example-dnscrypt-proxy.toml > example.json
+          ${pkgs.jq}/bin/jq --slurp add example.json $jsonPath > config.json # merges the two
+        '' else ''
+          cp $jsonPath config.json
+        ''}
+        ${pkgs.remarshal}/bin/json2toml < config.json > $out
       '';
       defaultText = literalExample "TOML file generated from services.dnscrypt-proxy2.settings";
     };

From 5242cec1b81701479bbec7cd878c46ad4e2faf53 Mon Sep 17 00:00:00 2001
From: Atemu <atemu.main@gmail.com>
Date: Wed, 2 Dec 2020 09:34:15 +0100
Subject: [PATCH 2/2] rl-2103: document nixos/dnscrypt-proxy2's default config
 change

---
 nixos/doc/manual/release-notes/rl-2103.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 374933d3012..10f680f1118 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -357,6 +357,13 @@
      <literal>unbound-control</literal> without passing a custom configuration location.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     The <literal>services.dnscrypt-proxy2</literal> module now takes the upstream's example configuration and updates it with the user's settings.
+
+     An option has been added to restore the old behaviour if you prefer to declare the configuration from scratch.
+    </para>
+   </listitem>
    <listitem>
     <para>
      NixOS now defaults to the unified cgroup hierarchy (cgroupsv2).