initial import

2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
--- a/dnscrypt-proxy/config-privacy.patch
+++ b/dnscrypt-proxy/config-privacy.patch
@@ -0,0 +1,250 @@
+diff --git a/dnscrypt-proxy/example-blacklist.txt b/dnscrypt-proxy/example-blacklist.txt
+index a63e1e89..94031b83 100644
+--- a/dnscrypt-proxy/example-blacklist.txt
+++ b/dnscrypt-proxy/example-blacklist.txt
+@@ -34,5 +34,5 @@ eth0.me
+ 
+ ## Time-based rules
+ 
+-# *.youtube.*  @time-to-sleep
+-# facebook.com @work
+# invidious.namazso.eu @time-to-sleep
+# *.hyperbola.info @work
+diff --git a/dnscrypt-proxy/example-cloaking-rules.txt b/dnscrypt-proxy/example-cloaking-rules.txt
+index 7f98c2e3..8f85eeb4 100644
+--- a/dnscrypt-proxy/example-cloaking-rules.txt
+++ b/dnscrypt-proxy/example-cloaking-rules.txt
+@@ -2,27 +2,9 @@
+ #        Cloaking rules        #
+ ################################
+ 
+-# The following example rules force "safe" (without adult content) search
+-# results from Google, Bing and YouTube.
+-#
+ # This has to be enabled with the `cloaking_rules` parameter in the main
+ # configuration file
+ 
+-
+-www.google.*             forcesafesearch.google.com
+-
+-www.bing.com             strict.bing.com
+-
+-yandex.ru                familysearch.yandex.ru       # inline comments are allowed after a pound sign
+-
+-=duckduckgo.com          safe.duckduckgo.com
+-
+-www.youtube.com          restrictmoderate.youtube.com
+-m.youtube.com            restrictmoderate.youtube.com
+-youtubei.googleapis.com  restrictmoderate.youtube.com
+-youtube.googleapis.com   restrictmoderate.youtube.com
+-www.youtube-nocookie.com restrictmoderate.youtube.com
+-
+ # Multiple IP entries for the same name are supported.
+ # In the following example, the same name maps both to IPv4 and IPv6 addresses:
+ 
+diff --git a/dnscrypt-proxy/example-dnscrypt-proxy.toml b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+index ec40441c..cadadc97 100644
+--- a/dnscrypt-proxy/example-dnscrypt-proxy.toml
+++ b/dnscrypt-proxy/example-dnscrypt-proxy.toml
+@@ -29,7 +29,7 @@
+ ##
+ ## Remove the leading # first to enable this; lines starting with # are ignored.
+ 
+-# server_names = ['scaleway-fr', 'google', 'yandex', 'cloudflare']
+# server_names = ['cs-ch', 'd0wn-is-ns2', 'ibksturm', 'securedns']
+ 
+ 
+ ## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
+@@ -146,7 +146,7 @@ keepalive = 30
+ ## This file is different from other log files, and will not be
+ ## automatically rotated by the application.
+ 
+-# log_file = 'dnscrypt-proxy.log'
+# log_file = '/var/log/dnscrypt-proxy/dnscrypt-proxy.log'
+ 
+ 
+ ## When using a log file, only keep logs from the most recent launch.
+@@ -156,7 +156,7 @@ keepalive = 30
+ 
+ ## Use the system logger (syslog on Unix, Event Log on Windows)
+ 
+-# use_syslog = true
+use_syslog = true
+ 
+ 
+ ## Delay, in minutes, after which certificates are reloaded
+@@ -189,7 +189,7 @@ cert_refresh_delay = 240
+ ## This may also help on Intel CPUs running 32-bit operating systems.
+ ##
+ ## Keep tls_cipher_suite empty if you have issues fetching sources or
+-## connecting to some DoH servers. Google and Cloudflare are fine with it.
+## connecting to some DoH servers.
+ 
+ # tls_cipher_suite = [52392, 49199]
+ 
+@@ -206,11 +206,10 @@ cert_refresh_delay = 240
+ ## Resolvers supporting DNSSEC are recommended.
+ ##
+ ## People in China may need to use 114.114.114.114:53 here.
+-## Other popular options include 8.8.8.8 and 1.1.1.1.
+ ##
+ ## If more than one resolver is specified, they will be tried in sequence.
+ 
+-fallback_resolvers = ['9.9.9.9:53', '8.8.8.8:53']
+fallback_resolvers = ['84.200.69.80:53', '212.129.46.32:53', '66.70.228.164:53', '172.104.136.243:53', '112.109.84.76:53']
+ 
+ 
+ ## Always use the fallback resolver before the system DNS settings.
+@@ -236,7 +235,7 @@ netprobe_timeout = 60
+ ## On other operating systems, the connection will be initialized
+ ## but nothing will be sent at all.
+ 
+-netprobe_address = '9.9.9.9:53'
+# netprobe_address = '84.200.69.80:53'
+ 
+ 
+ ## Offline mode - Do not use any remote encrypted servers.
+@@ -310,7 +309,7 @@ reject_ttl = 600
+ 
+ ## See the `example-forwarding-rules.txt` file for an example
+ 
+-# forwarding_rules = 'forwarding-rules.txt'
+# forwarding_rules = '/etc/dnscrypt-proxy/forwarding-rules.txt'
+ 
+ 
+ 
+@@ -324,7 +323,7 @@ reject_ttl = 600
+ ##
+ ## See the `example-cloaking-rules.txt` file for an example
+ 
+-# cloaking_rules = 'cloaking-rules.txt'
+# cloaking_rules = '/etc/dnscrypt-proxy/cloaking-rules.txt'
+ 
+ ## TTL used when serving entries in cloaking-rules.txt
+ 
+@@ -408,7 +407,7 @@ cache_neg_max_ttl = 600
+   ## Path to the query log file (absolute, or relative to the same directory as the config file)
+   ## On non-Windows systems, can be /dev/stdout to log to the standard output (also set log_files_max_size to 0)
+ 
+-  # file = 'query.log'
+  # file = '/var/log/dnscrypt-proxy/query.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+@@ -434,7 +433,7 @@ cache_neg_max_ttl = 600
+ 
+   ## Path to the query log file (absolute, or relative to the same directory as the config file)
+ 
+-  # file = 'nx.log'
+  # file = '/var/log/dnscrypt-proxy/nx.log'
+ 
+ 
+   ## Query log format (currently supported: tsv and ltsv)
+@@ -469,7 +468,7 @@ cache_neg_max_ttl = 600
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -497,7 +496,7 @@ cache_neg_max_ttl = 600
+ 
+   ## Optional path to a file logging blocked queries
+ 
+-  # log_file = 'ip-blocked.log'
+  # log_file = '/var/log/dnscrypt-proxy/ip-blocked.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -525,7 +524,7 @@ cache_neg_max_ttl = 600
+ 
+   ## Optional path to a file logging whitelisted queries
+ 
+-  # log_file = 'whitelisted.log'
+  # log_file = '/var/log/dnscrypt-proxy/whitelisted.log'
+ 
+ 
+   ## Optional log format: tsv or ltsv (default: tsv)
+@@ -543,8 +542,8 @@ cache_neg_max_ttl = 600
+ ## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
+ ##
+ ## For example, the following rule in a blacklist file:
+-## *.youtube.* @time-to-sleep
+-## would block access to YouTube during the times defined by the 'time-to-sleep' schedule.
+## invidious.namazso.eu @time-to-sleep
+## would block access to Invidious instance only during the times defined by the 'time-to-sleep' schedule.
+ ##
+ ## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
+ ## {after= '9:00', before='18:00'} matches 9:00-18:00
+@@ -590,40 +589,15 @@ cache_neg_max_ttl = 600
+ 
+ [sources]
+ 
+-  ## An example of a remote source from https://github.com/DNSCrypt/dnscrypt-resolvers
+  ## This list is maintained by Jesús E. < heckyel [at] hyperbola [dot] info >
+ 
+-  [sources.'public-resolvers']
+-  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md', 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md']
+-  cache_file = 'public-resolvers.md'
+-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+-  prefix = ''
+-
+-  ## Anonymized DNS relays
+-
+-  [sources.'relays']
+-  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md', 'https://download.dnscrypt.info/resolvers-list/v2/relays.md']
+-  cache_file = 'relays.md'
+-  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+  [sources.'extra-resolvers']
+  urls = ['https://git.sr.ht/~heckyel/resolvers-list/blob/master/extra-resolvers.md']
+  cache_file = '/var/cache/dnscrypt-proxy/extra-resolvers.md'
+  minisign_key = 'RWQIrgNLO4JgxhKU+K5L+z8Y0YTDZv68NZQ5hOAoBT1/admHrfLt9Eyl'
+   refresh_delay = 72
+   prefix = ''
+ 
+-  ## Quad9 over DNSCrypt - https://quad9.net/
+-
+-  # [sources.quad9-resolvers]
+-  # urls = ['https://www.quad9.net/quad9-resolvers.md']
+-  # minisign_key = 'RWQBphd2+f6eiAqBsvDZEBXBGHQBJfeG6G+wJPPKxCZMoEQYpmoysKUN'
+-  # cache_file = 'quad9-resolvers.md'
+-  # prefix = 'quad9-'
+-
+-  ## Another example source, with resolvers censoring some websites not appropriate for children
+-  ## This is a subset of the `public-resolvers` list, so enabling both is useless
+-
+-  #  [sources.'parental-control']
+-  #  urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md', 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md']
+-  #  cache_file = 'parental-control.md'
+-  #  minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
+-
+-
+ 
+ #########################################
+ #        Servers with known bugs        #
+diff --git a/dnscrypt-proxy/example-forwarding-rules.txt b/dnscrypt-proxy/example-forwarding-rules.txt
+index 97a4859e..bf274292 100644
+--- a/dnscrypt-proxy/example-forwarding-rules.txt
+++ b/dnscrypt-proxy/example-forwarding-rules.txt
+@@ -20,5 +20,5 @@
+ # internal        192.168.1.1
+ # localdomain     192.168.1.1
+ 
+-## Forward queries for example.com and *.example.com to 9.9.9.9 and 8.8.8.8
+-# example.com     9.9.9.9,8.8.8.8
+## Forward queries for example.com and *.example.com to 127.0.0.1 and 0.0.0.0
+# example.com     127.0.0.1,0.0.0.0
+diff --git a/dnscrypt-proxy/example-whitelist.txt b/dnscrypt-proxy/example-whitelist.txt
+index 66190784..ca3dc0ca 100644
+--- a/dnscrypt-proxy/example-whitelist.txt
+++ b/dnscrypt-proxy/example-whitelist.txt
+@@ -21,5 +21,5 @@ tracker.debian.org
+ 
+ ## Time-based rules
+ 
+-# *.youtube.*  @time-to-play
+-# facebook.com @play
+# invidious.namazso.eu  @time-to-play
+# *.hyperbola.info @play