From bd448b713944524f41a8d37cfe59d4594b536911 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Tue, 10 May 2016 06:33:54 +0200
Subject: [PATCH] dnscrypt-proxy service: use up-to-date dnscrypt-resolvers
 list

The list of public proxies is updated now and again and it's probably a
good idea to always work from the most recent list, rather than the one
that is shipped with the release.  This can be crucial in case of
resolvers that are revealed to have gone rogue or otherwise have been
compromised.
---
 nixos/modules/services/networking/dnscrypt-proxy.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/dnscrypt-proxy.nix b/nixos/modules/services/networking/dnscrypt-proxy.nix
index 3961088c4b0..4521f82f5db 100644
--- a/nixos/modules/services/networking/dnscrypt-proxy.nix
+++ b/nixos/modules/services/networking/dnscrypt-proxy.nix
@@ -6,7 +6,12 @@ let
   dnscrypt-proxy = pkgs.dnscrypt-proxy;
   cfg = config.services.dnscrypt-proxy;
 
-  resolverListFile = "${dnscrypt-proxy}/share/dnscrypt-proxy/dnscrypt-resolvers.csv";
+  # last updated: 2016-05-04
+  resolverListFile = pkgs.fetchurl {
+    url = "https://raw.githubusercontent.com/jedisct1/dnscrypt-proxy/master/dnscrypt-resolvers.csv";
+    sha256 = "07kbbisrvrqdxif3061hxj3whin3llg4nh50ln7prisi2vbd76xd";
+  };
+
   localAddress = "${cfg.localAddress}:${toString cfg.localPort}";
 
   daemonArgs =