initial release
This commit is contained in:
commit
71c6356036
|
@ -0,0 +1,8 @@
|
|||
# Declare files that will always have LF line endings on checkout.
|
||||
META-INF/** text eol=lf
|
||||
*.prop text eol=lf
|
||||
*.sh text eol=lf
|
||||
*.md text eol=lf
|
||||
|
||||
# Denote all files that are truly binary and should not be modified.
|
||||
system/** binary
|
|
@ -0,0 +1,153 @@
|
|||
#!/sbin/sh
|
||||
##########################################################################################
|
||||
#
|
||||
# Magisk Module Template Install Script
|
||||
# by topjohnwu
|
||||
#
|
||||
##########################################################################################
|
||||
|
||||
# Detect whether in boot mode
|
||||
ps | grep zygote | grep -v grep >/dev/null && BOOTMODE=true || BOOTMODE=false
|
||||
$BOOTMODE || ps -A 2>/dev/null | grep zygote | grep -v grep >/dev/null && BOOTMODE=true
|
||||
|
||||
TMPDIR=/dev/tmp
|
||||
INSTALLER=$TMPDIR/install
|
||||
MAGISKBIN=/data/adb/magisk
|
||||
|
||||
# Default permissions
|
||||
umask 022
|
||||
|
||||
# Initial cleanup
|
||||
rm -rf $TMPDIR 2>/dev/null
|
||||
mkdir -p $INSTALLER
|
||||
|
||||
# echo before loading util_functions
|
||||
ui_print() { echo "$1"; }
|
||||
|
||||
require_new_magisk() {
|
||||
ui_print "*******************************"
|
||||
ui_print " Please install Magisk v15.0+! "
|
||||
ui_print "*******************************"
|
||||
exit 1
|
||||
}
|
||||
|
||||
##########################################################################################
|
||||
# Environment
|
||||
##########################################################################################
|
||||
|
||||
OUTFD=$2
|
||||
ZIP=$3
|
||||
|
||||
mount /data 2>/dev/null
|
||||
|
||||
# Utility functions must exist
|
||||
[ -f $MAGISKBIN/util_functions.sh ] || require_new_magisk
|
||||
# Load utility fuctions
|
||||
. $MAGISKBIN/util_functions.sh
|
||||
|
||||
# We can't alter magisk image live, use alternative image if required
|
||||
$BOOTMODE && IMG=/data/adb/magisk_merge.img
|
||||
# Always mount under tmp
|
||||
MOUNTPATH=$TMPDIR/magisk_img
|
||||
|
||||
# Preperation for flashable zips
|
||||
get_outfd
|
||||
|
||||
# Mount partitions
|
||||
mount_partitions
|
||||
|
||||
# Detect version and architecture
|
||||
api_level_arch_detect
|
||||
|
||||
# You can get the Android API version from $API, the CPU architecture from $ARCH
|
||||
# Useful if you are creating Android version / platform dependent mods
|
||||
|
||||
# Setup busybox and binaries
|
||||
$BOOTMODE && boot_actions || recovery_actions
|
||||
|
||||
##########################################################################################
|
||||
# Preparation
|
||||
##########################################################################################
|
||||
|
||||
# Extract common files
|
||||
unzip -o "$ZIP" module.prop config.sh 'common/*' -d $INSTALLER >&2
|
||||
|
||||
[ ! -f $INSTALLER/config.sh ] && abort "! Unable to extract zip file!"
|
||||
# Load configurations
|
||||
. $INSTALLER/config.sh
|
||||
|
||||
# Check the installed magisk version
|
||||
MIN_VER=`grep_prop minMagisk $INSTALLER/module.prop`
|
||||
[ ! -z $MAGISK_VER_CODE -a $MAGISK_VER_CODE -ge $MIN_VER ] || require_new_magisk
|
||||
MODID=`grep_prop id $INSTALLER/module.prop`
|
||||
MODPATH=$MOUNTPATH/$MODID
|
||||
|
||||
# Print mod name
|
||||
print_modname
|
||||
|
||||
# Please leave this message in your flashable zip for credits :)
|
||||
ui_print "******************************"
|
||||
ui_print "Powered by Magisk (@topjohnwu)"
|
||||
ui_print "******************************"
|
||||
|
||||
##########################################################################################
|
||||
# Install
|
||||
##########################################################################################
|
||||
|
||||
# Get the variable reqSizeM. Use your own method to determine reqSizeM if needed
|
||||
request_zip_size_check "$ZIP"
|
||||
|
||||
# This function will mount $IMG to $MOUNTPATH, and resize the image based on $reqSizeM
|
||||
mount_magisk_img
|
||||
|
||||
# Create mod paths
|
||||
rm -rf $MODPATH 2>/dev/null
|
||||
mkdir -p $MODPATH
|
||||
|
||||
# custom install begin
|
||||
install_dnscrypt_proxy
|
||||
# custom install end
|
||||
|
||||
# Remove placeholder
|
||||
rm -f $MODPATH/system/placeholder 2>/dev/null
|
||||
|
||||
# Handle replace folders
|
||||
for TARGET in $REPLACE; do
|
||||
mktouch $MODPATH$TARGET/.replace
|
||||
done
|
||||
|
||||
# Auto Mount
|
||||
$AUTOMOUNT && touch $MODPATH/auto_mount
|
||||
|
||||
# prop files
|
||||
$PROPFILE && cp -af $INSTALLER/common/system.prop $MODPATH/system.prop
|
||||
|
||||
# Module info
|
||||
cp -af $INSTALLER/module.prop $MODPATH/module.prop
|
||||
if $BOOTMODE; then
|
||||
# Update info for Magisk Manager
|
||||
mktouch /sbin/.core/img/$MODID/update
|
||||
cp -af $INSTALLER/module.prop /sbin/.core/img/$MODID/module.prop
|
||||
fi
|
||||
|
||||
# post-fs-data mode scripts
|
||||
$POSTFSDATA && cp -af $INSTALLER/common/post-fs-data.sh $MODPATH/post-fs-data.sh
|
||||
|
||||
# service mode scripts
|
||||
$LATESTARTSERVICE && cp -af $INSTALLER/common/service.sh $MODPATH/service.sh
|
||||
|
||||
ui_print "- Setting permissions"
|
||||
set_permissions
|
||||
|
||||
##########################################################################################
|
||||
# Finalizing
|
||||
##########################################################################################
|
||||
|
||||
# Unmount magisk image and shrink if possible
|
||||
unmount_magisk_img
|
||||
|
||||
$BOOTMODE || recovery_cleanup
|
||||
rm -rf $TMPDIR
|
||||
|
||||
ui_print "- Done"
|
||||
exit 0
|
|
@ -0,0 +1 @@
|
|||
#MAGISK
|
|
@ -0,0 +1,9 @@
|
|||
# Magisk Module Template
|
||||
|
||||
This `README.md` will be shown in Magisk Manager. Place any information / changelog / notes you like.
|
||||
|
||||
**Please update `README.md` if you want to submit your module to the online repo!**
|
||||
|
||||
Github has its own online markdown editor with a preview feature, you can use it to update your `README.md`! If you need more advanced syntax, check the [Markdown Cheat Sheet](https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet).
|
||||
|
||||
For more information about modules and repos, please check the [official documentations](https://github.com/topjohnwu/Magisk/blob/master/docs/modules.md)
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,7 @@
|
|||
#!/system/bin/sh
|
||||
# Please don't hardcode /magisk/modname/... ; instead, please use $MODDIR/...
|
||||
# This will make your scripts compatible even if Magisk change its mount point in the future
|
||||
MODDIR=${0%/*}
|
||||
|
||||
# This script will be executed in post-fs-data mode
|
||||
# More info in the main Magisk thread
|
|
@ -0,0 +1,21 @@
|
|||
#!/system/bin/sh
|
||||
# Please don't hardcode /magisk/modname/... ; instead, please use $MODDIR/...
|
||||
# This will make your scripts compatible even if Magisk change its mount point in the future
|
||||
MODDIR=${0%/*}
|
||||
|
||||
# This script will be executed in late_start service mode
|
||||
# More info in the main Magisk thread
|
||||
|
||||
$MODDIR/system/xbin/dnscrypt-proxy -config $MODDIR/system/etc/dnscrypt-proxy/dnscrypt-proxy.toml &
|
||||
while true
|
||||
do
|
||||
ping -c 1 google.com
|
||||
if [[ $? == 0 ]];
|
||||
then
|
||||
iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
iptables-t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53
|
||||
break;
|
||||
else
|
||||
sleep 5
|
||||
fi
|
||||
done
|
|
@ -0,0 +1,3 @@
|
|||
# This file will be read by resetprop
|
||||
# Example: Change dpi
|
||||
# ro.sf.lcd_density=320
|
|
@ -0,0 +1,131 @@
|
|||
##########################################################################################
|
||||
#
|
||||
# Magisk Module Template Config Script
|
||||
# by topjohnwu
|
||||
#
|
||||
##########################################################################################
|
||||
##########################################################################################
|
||||
#
|
||||
# Instructions:
|
||||
#
|
||||
# 1. Place your files into system folder (delete the placeholder file)
|
||||
# 2. Fill in your module's info into module.prop
|
||||
# 3. Configure the settings in this file (config.sh)
|
||||
# 4. If you need boot scripts, add them into common/post-fs-data.sh or common/service.sh
|
||||
# 5. Add your additional or modified system properties into common/system.prop
|
||||
#
|
||||
##########################################################################################
|
||||
|
||||
##########################################################################################
|
||||
# Configs
|
||||
##########################################################################################
|
||||
|
||||
# Set to true if you need to enable Magic Mount
|
||||
# Most mods would like it to be enabled
|
||||
AUTOMOUNT=true
|
||||
|
||||
# Set to true if you need to load system.prop
|
||||
PROPFILE=false
|
||||
|
||||
# Set to true if you need post-fs-data script
|
||||
POSTFSDATA=false
|
||||
|
||||
# Set to true if you need late_start service script
|
||||
LATESTARTSERVICE=true
|
||||
|
||||
##########################################################################################
|
||||
# Installation Message
|
||||
##########################################################################################
|
||||
|
||||
# Set what you want to show when installing your mod
|
||||
|
||||
print_modname() {
|
||||
ui_print "*******************************"
|
||||
ui_print " Magisk Module Template "
|
||||
ui_print "*******************************"
|
||||
}
|
||||
|
||||
##########################################################################################
|
||||
# Replace list
|
||||
##########################################################################################
|
||||
|
||||
# List all directories you want to directly replace in the system
|
||||
# Check the documentations for more info about how Magic Mount works, and why you need this
|
||||
|
||||
# This is an example
|
||||
REPLACE="
|
||||
/system/app/Youtube
|
||||
/system/priv-app/SystemUI
|
||||
/system/priv-app/Settings
|
||||
/system/framework
|
||||
"
|
||||
|
||||
# Construct your own list here, it will override the example above
|
||||
# !DO NOT! remove this if you don't need to replace anything, leave it empty as it is now
|
||||
REPLACE="
|
||||
"
|
||||
|
||||
##########################################################################################
|
||||
# Permissions
|
||||
##########################################################################################
|
||||
|
||||
set_permissions() {
|
||||
# Only some special files require specific permissions
|
||||
# The default permissions should be good enough for most cases
|
||||
|
||||
# Here are some examples for the set_perm functions:
|
||||
|
||||
# set_perm_recursive <dirname> <owner> <group> <dirpermission> <filepermission> <contexts> (default: u:object_r:system_file:s0)
|
||||
# set_perm_recursive $MODPATH/system/lib 0 0 0755 0644
|
||||
|
||||
# set_perm <filename> <owner> <group> <permission> <contexts> (default: u:object_r:system_file:s0)
|
||||
# set_perm $MODPATH/system/bin/app_process32 0 2000 0755 u:object_r:zygote_exec:s0
|
||||
# set_perm $MODPATH/system/bin/dex2oat 0 2000 0755 u:object_r:dex2oat_exec:s0
|
||||
# set_perm $MODPATH/system/lib/libart.so 0 0 0644
|
||||
|
||||
# The following is default permissions, DO NOT remove
|
||||
set_perm_recursive $MODPATH 0 0 0755 0644
|
||||
set_perm $MODPATH/system/xbin/dnscrypt-proxy 0 0 0755
|
||||
}
|
||||
|
||||
##########################################################################################
|
||||
# Custom Functions
|
||||
##########################################################################################
|
||||
|
||||
# This file (config.sh) will be sourced by the main flash script after util_functions.sh
|
||||
# If you need custom logic, please add them here as functions, and call these functions in
|
||||
# update-binary. Refrain from adding code directly into update-binary, as it will make it
|
||||
# difficult for you to migrate your modules to newer template versions.
|
||||
# Make update-binary as clean as possible, try to only do function calls in it.
|
||||
|
||||
install_dnscrypt_proxy(){
|
||||
if [ "$ARCH" == "arm" ];then
|
||||
BINARY_PATH=$INSTALLER/binary/dnscrypt-proxy-arm
|
||||
elif [ "$ARCH" == "arm64" ];then
|
||||
BINARY_PATH=$INSTALLER/binary/dnscrypt-proxy-arm64
|
||||
fi
|
||||
|
||||
CONFIG_PATH=$INSTALLER/config
|
||||
unzip -o "$ZIP" 'config/*' 'binary/*' -d $INSTALLER 2>/dev/null
|
||||
|
||||
ui_print "* Creating binary path"
|
||||
mkdir -p $MODPATH/system/xbin 2>/dev/null
|
||||
|
||||
ui_print "* Creating config path"
|
||||
mkdir -p $MODPATH/system/etc/dnscrypt-proxy 2>/dev/null
|
||||
|
||||
if [ -f "$BINARY_PATH" ]; then
|
||||
ui_print "Copying binary for $ARCH"
|
||||
cp -af $BINARY_PATH $MODPATH/system/xbin/dnscrypt-proxy
|
||||
else
|
||||
abort "Binary file for $ARCH is missing!"
|
||||
fi
|
||||
|
||||
if [ -d "$CONFIG_PATH" ]; then
|
||||
ui_print "Copying config files"
|
||||
cp -af $CONFIG_PATH/* $MODPATH/system/etc/dnscrypt-proxy
|
||||
else
|
||||
abort "Config file is missing!"
|
||||
fi
|
||||
|
||||
}
|
|
@ -0,0 +1,18 @@
|
|||
/*
|
||||
* ISC License
|
||||
*
|
||||
* Copyright (c) 2018
|
||||
* Frank Denis <j at pureftpd dot org>
|
||||
*
|
||||
* Permission to use, copy, modify, and/or distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
|
@ -0,0 +1,381 @@
|
|||
|
||||
##############################################
|
||||
# #
|
||||
# dnscrypt-proxy configuration #
|
||||
# #
|
||||
##############################################
|
||||
|
||||
## This is an example configuration file.
|
||||
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
|
||||
##
|
||||
## Online documentation is available here: https://dnscrypt.info/doc
|
||||
|
||||
|
||||
|
||||
##################################
|
||||
# Global settings #
|
||||
##################################
|
||||
|
||||
## List of servers to use
|
||||
## If this line is commented, all registered servers matching the require_* filters
|
||||
## will be used
|
||||
## The proxy will automatically pick the fastest, working servers from the list.
|
||||
|
||||
# server_names = ['scaleway-fr', 'google', 'yandex']
|
||||
|
||||
|
||||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
||||
## To only use systemd activation sockets, use an empty set: []
|
||||
|
||||
listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||
|
||||
|
||||
## Maximum number of simultaneous client connections to accept
|
||||
|
||||
max_clients = 250
|
||||
|
||||
|
||||
## Require servers (from static + remote sources) to satisfy specific properties
|
||||
|
||||
# Use servers reachable over IPv4
|
||||
ipv4_servers = true
|
||||
|
||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
||||
ipv6_servers = false
|
||||
|
||||
# Use servers implementing the DNSCrypt protocol
|
||||
dnscrypt_servers = true
|
||||
|
||||
# Use servers implementing the DNS-over-HTTPS protocol
|
||||
doh_servers = true
|
||||
|
||||
|
||||
## Require servers defined by remote sources to satisfy specific properties
|
||||
|
||||
# Server must support DNS security extensions (DNSSEC)
|
||||
require_dnssec = false
|
||||
|
||||
# Server must not log user queries (declarative)
|
||||
require_nolog = true
|
||||
|
||||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
||||
require_nofilter = true
|
||||
|
||||
|
||||
|
||||
## Always use TCP to connect to upstream servers
|
||||
|
||||
force_tcp = false
|
||||
|
||||
|
||||
## How long a DNS query will wait for a response, in milliseconds
|
||||
|
||||
timeout = 2500
|
||||
|
||||
|
||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
||||
|
||||
# lb_strategy = 'p2'
|
||||
|
||||
|
||||
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
|
||||
|
||||
# log_level = 2
|
||||
|
||||
|
||||
## log file for the application
|
||||
|
||||
# log_file = 'dnscrypt-proxy.log'
|
||||
|
||||
|
||||
## Use the system logger (syslog on Unix, Event Log on Windows)
|
||||
|
||||
# use_syslog = true
|
||||
|
||||
|
||||
## Delay, in minutes, after which certificates are reloaded
|
||||
|
||||
cert_refresh_delay = 240
|
||||
|
||||
|
||||
## Fallback resolver
|
||||
## This is a normal, non-encrypted DNS resolver, that will be only used
|
||||
## for one-shot queries when retrieving the initial resolvers list, and
|
||||
## only if the system DNS configuration doesn't work.
|
||||
## No user application queries will ever be leaked through this resolver,
|
||||
## and it will not be used after IP addresses of resolvers URLs have been found.
|
||||
## It will never be used if lists have already been cached, and if stamps
|
||||
## don't include host names without IP addresses.
|
||||
## It will not be used if the configured system DNS works.
|
||||
## A resolver supporting DNSSEC is recommended. This may become mandatory.
|
||||
|
||||
fallback_resolver = '9.9.9.9:53'
|
||||
|
||||
|
||||
## Never try to use the system DNS settings; unconditionally use the
|
||||
## fallback resolver.
|
||||
|
||||
ignore_system_dns = false
|
||||
|
||||
|
||||
|
||||
#########################
|
||||
# Filters #
|
||||
#########################
|
||||
|
||||
## Immediately respond to IPv6-related queries with an empty response
|
||||
## This makes things faster when there is no IPv6 connectivity, but can
|
||||
## also cause reliability issues with some stub resolvers. In
|
||||
## particular, enabling this on macOS is not recommended.
|
||||
|
||||
block_ipv6 = false
|
||||
|
||||
|
||||
|
||||
##################################################################################
|
||||
# Route queries for specific domains to a dedicated set of servers #
|
||||
##################################################################################
|
||||
|
||||
## Example map entries (one entry per line):
|
||||
## example.com 9.9.9.9
|
||||
## example.net 9.9.9.9,8.8.8.8
|
||||
|
||||
# forwarding_rules = 'forwarding-rules.txt'
|
||||
|
||||
|
||||
|
||||
###############################
|
||||
# Cloaking rules #
|
||||
###############################
|
||||
|
||||
## Cloaking returns a predefined address for a specific name.
|
||||
## In addition to acting as a HOSTS file, it can also return the IP address
|
||||
## of a different name. It will also do CNAME flattening.
|
||||
##
|
||||
## Example map entries (one entry per line)
|
||||
## example.com 10.1.1.1
|
||||
## www.google.com forcesafesearch.google.com
|
||||
|
||||
# cloaking_rules = 'cloaking-rules.txt'
|
||||
|
||||
|
||||
|
||||
###########################
|
||||
# DNS cache #
|
||||
###########################
|
||||
|
||||
## Enable a DNS cache to reduce latency and outgoing traffic
|
||||
|
||||
cache = true
|
||||
|
||||
|
||||
## Cache size
|
||||
|
||||
cache_size = 256
|
||||
|
||||
|
||||
## Minimum TTL for cached entries
|
||||
|
||||
cache_min_ttl = 600
|
||||
|
||||
|
||||
## Maxmimum TTL for cached entries
|
||||
|
||||
cache_max_ttl = 86400
|
||||
|
||||
|
||||
## TTL for negatively cached entries
|
||||
|
||||
cache_neg_ttl = 60
|
||||
|
||||
|
||||
|
||||
###############################
|
||||
# Query logging #
|
||||
###############################
|
||||
|
||||
## Log client queries to a file
|
||||
|
||||
[query_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'query.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
||||
format = 'tsv'
|
||||
|
||||
|
||||
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
|
||||
|
||||
# ignored_qtypes = ['DNSKEY', 'NS']
|
||||
|
||||
|
||||
|
||||
############################################
|
||||
# Suspicious queries logging #
|
||||
############################################
|
||||
|
||||
## Log queries for nonexistent zones
|
||||
## These queries can reveal the presence of malware, broken/obsolete applications,
|
||||
## and devices signaling their presence to 3rd parties.
|
||||
|
||||
[nx_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'nx.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
||||
format = 'tsv'
|
||||
|
||||
|
||||
|
||||
######################################################
|
||||
# Pattern-based blocking (blacklists) #
|
||||
######################################################
|
||||
|
||||
## Blacklists are made of one pattern per line. Example of valid patterns:
|
||||
##
|
||||
## example.com
|
||||
## *sex*
|
||||
## ads.*
|
||||
## ads*.example.*
|
||||
## ads*.example[0-9]*.com
|
||||
##
|
||||
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
|
||||
## A script to build blacklists from public feeds can be found in the
|
||||
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
|
||||
|
||||
[blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# blacklist_file = 'blacklist.txt'
|
||||
|
||||
|
||||
## Optional path to a file logging blocked queries
|
||||
|
||||
# log_file = 'blocked.log'
|
||||
|
||||
|
||||
## Optional log format: tsv or ltsv (default: tsv)
|
||||
|
||||
# log_format = 'tsv'
|
||||
|
||||
|
||||
|
||||
###########################################################
|
||||
# Pattern-based IP blocking (IP blacklists) #
|
||||
###########################################################
|
||||
|
||||
## IP blacklists are made of one pattern per line. Example of valid patterns:
|
||||
##
|
||||
## 127.*
|
||||
## fe80:abcd:*
|
||||
## 192.168.1.4
|
||||
|
||||
[ip_blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# blacklist_file = 'ip-blacklist.txt'
|
||||
|
||||
|
||||
## Optional path to a file logging blocked queries
|
||||
|
||||
# log_file = 'ip-blocked.log'
|
||||
|
||||
|
||||
## Optional log format: tsv or ltsv (default: tsv)
|
||||
|
||||
# log_format = 'tsv'
|
||||
|
||||
|
||||
|
||||
##########################################
|
||||
# Time access restrictions #
|
||||
##########################################
|
||||
|
||||
## One or more weekly schedules can be defined here.
|
||||
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
|
||||
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
|
||||
##
|
||||
## For example, the following rule in a blacklist file:
|
||||
## *.youtube.* @time-to-sleep
|
||||
## would block access to Youtube only during the days, and period of the days
|
||||
## define by the 'time-to-sleep' schedule.
|
||||
##
|
||||
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
||||
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
||||
|
||||
[schedules]
|
||||
|
||||
# [schedules.'time-to-sleep']
|
||||
# mon = [{after='21:00', before='7:00'}]
|
||||
# tue = [{after='21:00', before='7:00'}]
|
||||
# wed = [{after='21:00', before='7:00'}]
|
||||
# thu = [{after='21:00', before='7:00'}]
|
||||
# fri = [{after='23:00', before='7:00'}]
|
||||
# sat = [{after='23:00', before='7:00'}]
|
||||
# sun = [{after='21:00', before='7:00'}]
|
||||
|
||||
# [schedules.'work']
|
||||
# mon = [{after='9:00', before='18:00'}]
|
||||
# tue = [{after='9:00', before='18:00'}]
|
||||
# wed = [{after='9:00', before='18:00'}]
|
||||
# thu = [{after='9:00', before='18:00'}]
|
||||
# fri = [{after='9:00', before='17:00'}]
|
||||
|
||||
|
||||
|
||||
#########################
|
||||
# Servers #
|
||||
#########################
|
||||
|
||||
## Remote lists of available servers
|
||||
## Multiple sources can be used simultaneously, but every source
|
||||
## requires a dedicated cache file.
|
||||
##
|
||||
## Refer to the documentation for URLs of public sources.
|
||||
##
|
||||
## A prefix can be prepended to server names in order to
|
||||
## avoid collisions if different sources share the same for
|
||||
## different servers. In that case, names listed in `server_names`
|
||||
## must include the prefixes.
|
||||
##
|
||||
## A cache file can be specified without a URL in order to maintain lists
|
||||
## locally.
|
||||
|
||||
[sources]
|
||||
|
||||
## An example of a remote source
|
||||
|
||||
[sources.'public-resolvers']
|
||||
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
||||
cache_file = '/system/etc/dnscrypt-proxy/public-resolvers.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
prefix = ''
|
||||
|
||||
## Another example source, with resolvers censoring some websites not approriate for children
|
||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
||||
|
||||
# [sources.'parental-control']
|
||||
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
|
||||
# cache_file = 'parental-control.md'
|
||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
|
||||
|
||||
|
||||
## Optional, local, static list of additional servers
|
||||
## Mostly useful for testing your own servers.
|
||||
|
||||
[static]
|
||||
|
||||
[static.'google']
|
||||
stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'
|
|
@ -0,0 +1,37 @@
|
|||
|
||||
###########################
|
||||
# Blacklist #
|
||||
###########################
|
||||
|
||||
## Rules for name-based query blocking, one per line
|
||||
##
|
||||
## Example of valid patterns:
|
||||
##
|
||||
## ads.* | matches anything with an "ads." prefix
|
||||
## *.example.com | matches example.com and all names within that zone such as www.example.com
|
||||
## example.com | identical to the above
|
||||
## *sex* | matches any name containing that substring
|
||||
## ads[0-9]* | matches "ads" followed by one or more digits
|
||||
## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster
|
||||
|
||||
ad.*
|
||||
ads.*
|
||||
banner.*
|
||||
banners.*
|
||||
creatives.*
|
||||
oas.*
|
||||
oascentral.*
|
||||
stats.*
|
||||
tag.*
|
||||
telemetry.*
|
||||
tracker.*
|
||||
*.local
|
||||
eth0.me
|
||||
*.workgroup
|
||||
|
||||
|
||||
|
||||
## Time-based rules
|
||||
|
||||
# *.youtube.* @time-to-sleep
|
||||
# facebook.com @work
|
|
@ -0,0 +1,22 @@
|
|||
################################
|
||||
# Cloaking rules #
|
||||
################################
|
||||
|
||||
# The following example rules force "safe" (without adult content) search
|
||||
# results from Google, Bing and Youtube.
|
||||
#
|
||||
# This has to be enabled with the `cloaking_rules` parameter in the main
|
||||
# configuration file
|
||||
|
||||
|
||||
www.google.com forcesafesearch.google.com
|
||||
www.google.fr forcesafesearch.google.com
|
||||
|
||||
www.bing.com strict.bing.com
|
||||
|
||||
www.youtube.com restrictmoderate.youtube.com
|
||||
m.youtube.com restrictmoderate.youtube.com
|
||||
youtubei.googleapis.com restrictmoderate.youtube.com
|
||||
youtube.googleapis.com restrictmoderate.youtube.com
|
||||
www.youtube-nocookie.com restrictmoderate.youtube.com
|
||||
|
|
@ -0,0 +1,383 @@
|
|||
|
||||
##############################################
|
||||
# #
|
||||
# dnscrypt-proxy configuration #
|
||||
# #
|
||||
##############################################
|
||||
|
||||
## This is an example configuration file.
|
||||
## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"
|
||||
##
|
||||
## Online documentation is available here: https://dnscrypt.info/doc
|
||||
|
||||
|
||||
|
||||
##################################
|
||||
# Global settings #
|
||||
##################################
|
||||
|
||||
## List of servers to use
|
||||
## If this line is commented, all registered servers matching the require_* filters
|
||||
## will be used
|
||||
## The proxy will automatically pick the fastest, working servers from the list.
|
||||
## Remove the leading # first to enable this; lines starting with # are ignored.
|
||||
|
||||
# server_names = ['scaleway-fr', 'google', 'yandex']
|
||||
|
||||
|
||||
## List of local addresses and ports to listen to. Can be IPv4 and/or IPv6.
|
||||
## To only use systemd activation sockets, use an empty set: []
|
||||
|
||||
listen_addresses = ['127.0.0.1:53', '[::1]:53']
|
||||
|
||||
|
||||
## Maximum number of simultaneous client connections to accept
|
||||
|
||||
max_clients = 250
|
||||
|
||||
|
||||
## Require servers (from static + remote sources) to satisfy specific properties
|
||||
|
||||
# Use servers reachable over IPv4
|
||||
ipv4_servers = true
|
||||
|
||||
# Use servers reachable over IPv6 -- Do not enable if you don't have IPv6 connectivity
|
||||
ipv6_servers = false
|
||||
|
||||
# Use servers implementing the DNSCrypt protocol
|
||||
dnscrypt_servers = true
|
||||
|
||||
# Use servers implementing the DNS-over-HTTPS protocol
|
||||
doh_servers = true
|
||||
|
||||
|
||||
## Require servers defined by remote sources to satisfy specific properties
|
||||
|
||||
# Server must support DNS security extensions (DNSSEC)
|
||||
require_dnssec = false
|
||||
|
||||
# Server must not log user queries (declarative)
|
||||
require_nolog = true
|
||||
|
||||
# Server must not enforce its own blacklist (for parental control, ads blocking...)
|
||||
require_nofilter = true
|
||||
|
||||
|
||||
|
||||
## Always use TCP to connect to upstream servers
|
||||
|
||||
force_tcp = false
|
||||
|
||||
|
||||
## How long a DNS query will wait for a response, in milliseconds
|
||||
|
||||
timeout = 2500
|
||||
|
||||
|
||||
## Load-balancing strategy: 'p2' (default), 'ph', 'fastest' or 'random'
|
||||
|
||||
# lb_strategy = 'p2'
|
||||
|
||||
|
||||
## Log level (0-6, default: 2 - 0 is very verbose, 6 only contains fatal errors)
|
||||
|
||||
# log_level = 2
|
||||
|
||||
|
||||
## log file for the application
|
||||
|
||||
# log_file = 'dnscrypt-proxy.log'
|
||||
|
||||
|
||||
## Use the system logger (syslog on Unix, Event Log on Windows)
|
||||
|
||||
# use_syslog = true
|
||||
|
||||
|
||||
## Delay, in minutes, after which certificates are reloaded
|
||||
|
||||
cert_refresh_delay = 240
|
||||
|
||||
|
||||
## Fallback resolver
|
||||
## This is a normal, non-encrypted DNS resolver, that will be only used
|
||||
## for one-shot queries when retrieving the initial resolvers list, and
|
||||
## only if the system DNS configuration doesn't work.
|
||||
## No user application queries will ever be leaked through this resolver,
|
||||
## and it will not be used after IP addresses of resolvers URLs have been found.
|
||||
## It will never be used if lists have already been cached, and if stamps
|
||||
## don't include host names without IP addresses.
|
||||
## It will not be used if the configured system DNS works.
|
||||
## A resolver supporting DNSSEC is recommended. This may become mandatory.
|
||||
|
||||
fallback_resolver = '9.9.9.9:53'
|
||||
|
||||
|
||||
## Never try to use the system DNS settings; unconditionally use the
|
||||
## fallback resolver.
|
||||
|
||||
ignore_system_dns = false
|
||||
|
||||
|
||||
|
||||
#########################
|
||||
# Filters #
|
||||
#########################
|
||||
|
||||
## Immediately respond to IPv6-related queries with an empty response
|
||||
## This makes things faster when there is no IPv6 connectivity, but can
|
||||
## also cause reliability issues with some stub resolvers. In
|
||||
## particular, enabling this on macOS is not recommended.
|
||||
|
||||
block_ipv6 = false
|
||||
|
||||
|
||||
|
||||
##################################################################################
|
||||
# Route queries for specific domains to a dedicated set of servers #
|
||||
##################################################################################
|
||||
|
||||
## Example map entries (one entry per line):
|
||||
## example.com 9.9.9.9
|
||||
## example.net 9.9.9.9,8.8.8.8
|
||||
|
||||
# forwarding_rules = 'forwarding-rules.txt'
|
||||
|
||||
|
||||
|
||||
###############################
|
||||
# Cloaking rules #
|
||||
###############################
|
||||
|
||||
## Cloaking returns a predefined address for a specific name.
|
||||
## In addition to acting as a HOSTS file, it can also return the IP address
|
||||
## of a different name. It will also do CNAME flattening.
|
||||
##
|
||||
## Example map entries (one entry per line)
|
||||
## example.com 10.1.1.1
|
||||
## www.google.com forcesafesearch.google.com
|
||||
|
||||
# cloaking_rules = 'cloaking-rules.txt'
|
||||
|
||||
|
||||
|
||||
###########################
|
||||
# DNS cache #
|
||||
###########################
|
||||
|
||||
## Enable a DNS cache to reduce latency and outgoing traffic
|
||||
|
||||
cache = true
|
||||
|
||||
|
||||
## Cache size
|
||||
|
||||
cache_size = 256
|
||||
|
||||
|
||||
## Minimum TTL for cached entries
|
||||
|
||||
cache_min_ttl = 600
|
||||
|
||||
|
||||
## Maximum TTL for cached entries
|
||||
|
||||
cache_max_ttl = 86400
|
||||
|
||||
|
||||
## TTL for negatively cached entries
|
||||
|
||||
cache_neg_ttl = 60
|
||||
|
||||
|
||||
|
||||
###############################
|
||||
# Query logging #
|
||||
###############################
|
||||
|
||||
## Log client queries to a file
|
||||
|
||||
[query_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'query.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
||||
format = 'tsv'
|
||||
|
||||
|
||||
## Do not log these query types, to reduce verbosity. Keep empty to log everything.
|
||||
|
||||
# ignored_qtypes = ['DNSKEY', 'NS']
|
||||
|
||||
|
||||
|
||||
############################################
|
||||
# Suspicious queries logging #
|
||||
############################################
|
||||
|
||||
## Log queries for nonexistent zones
|
||||
## These queries can reveal the presence of malware, broken/obsolete applications,
|
||||
## and devices signaling their presence to 3rd parties.
|
||||
|
||||
[nx_log]
|
||||
|
||||
## Path to the query log file (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# file = 'nx.log'
|
||||
|
||||
|
||||
## Query log format (currently supported: tsv and ltsv)
|
||||
|
||||
format = 'tsv'
|
||||
|
||||
|
||||
|
||||
######################################################
|
||||
# Pattern-based blocking (blacklists) #
|
||||
######################################################
|
||||
|
||||
## Blacklists are made of one pattern per line. Example of valid patterns:
|
||||
##
|
||||
## example.com
|
||||
## *sex*
|
||||
## ads.*
|
||||
## ads*.example.*
|
||||
## ads*.example[0-9]*.com
|
||||
##
|
||||
## Example blacklist files can be found at https://download.dnscrypt.info/blacklists/
|
||||
## A script to build blacklists from public feeds can be found in the
|
||||
## `utils/generate-domains-blacklists` directory of the dnscrypt-proxy source code.
|
||||
|
||||
[blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# blacklist_file = 'blacklist.txt'
|
||||
|
||||
|
||||
## Optional path to a file logging blocked queries
|
||||
|
||||
# log_file = 'blocked.log'
|
||||
|
||||
|
||||
## Optional log format: tsv or ltsv (default: tsv)
|
||||
|
||||
# log_format = 'tsv'
|
||||
|
||||
|
||||
|
||||
###########################################################
|
||||
# Pattern-based IP blocking (IP blacklists) #
|
||||
###########################################################
|
||||
|
||||
## IP blacklists are made of one pattern per line. Example of valid patterns:
|
||||
##
|
||||
## 127.*
|
||||
## fe80:abcd:*
|
||||
## 192.168.1.4
|
||||
|
||||
[ip_blacklist]
|
||||
|
||||
## Path to the file of blocking rules (absolute, or relative to the same directory as the executable file)
|
||||
|
||||
# blacklist_file = 'ip-blacklist.txt'
|
||||
|
||||
|
||||
## Optional path to a file logging blocked queries
|
||||
|
||||
# log_file = 'ip-blocked.log'
|
||||
|
||||
|
||||
## Optional log format: tsv or ltsv (default: tsv)
|
||||
|
||||
# log_format = 'tsv'
|
||||
|
||||
|
||||
|
||||
##########################################
|
||||
# Time access restrictions #
|
||||
##########################################
|
||||
|
||||
## One or more weekly schedules can be defined here.
|
||||
## Patterns in the name-based blocklist can optionally be followed with @schedule_name
|
||||
## to apply the pattern 'schedule_name' only when it matches a time range of that schedule.
|
||||
##
|
||||
## For example, the following rule in a blacklist file:
|
||||
## *.youtube.* @time-to-sleep
|
||||
## would block access to Youtube only during the days, and period of the days
|
||||
## define by the 'time-to-sleep' schedule.
|
||||
##
|
||||
## {after='21:00', before= '7:00'} matches 0:00-7:00 and 21:00-0:00
|
||||
## {after= '9:00', before='18:00'} matches 9:00-18:00
|
||||
|
||||
[schedules]
|
||||
|
||||
# [schedules.'time-to-sleep']
|
||||
# mon = [{after='21:00', before='7:00'}]
|
||||
# tue = [{after='21:00', before='7:00'}]
|
||||
# wed = [{after='21:00', before='7:00'}]
|
||||
# thu = [{after='21:00', before='7:00'}]
|
||||
# fri = [{after='23:00', before='7:00'}]
|
||||
# sat = [{after='23:00', before='7:00'}]
|
||||
# sun = [{after='21:00', before='7:00'}]
|
||||
|
||||
# [schedules.'work']
|
||||
# mon = [{after='9:00', before='18:00'}]
|
||||
# tue = [{after='9:00', before='18:00'}]
|
||||
# wed = [{after='9:00', before='18:00'}]
|
||||
# thu = [{after='9:00', before='18:00'}]
|
||||
# fri = [{after='9:00', before='17:00'}]
|
||||
|
||||
|
||||
|
||||
#########################
|
||||
# Servers #
|
||||
#########################
|
||||
|
||||
## Remote lists of available servers
|
||||
## Multiple sources can be used simultaneously, but every source
|
||||
## requires a dedicated cache file.
|
||||
##
|
||||
## Refer to the documentation for URLs of public sources.
|
||||
##
|
||||
## A prefix can be prepended to server names in order to
|
||||
## avoid collisions if different sources share the same for
|
||||
## different servers. In that case, names listed in `server_names`
|
||||
## must include the prefixes.
|
||||
##
|
||||
## If the `url` property is missing, cache files and valid signatures
|
||||
## must be already present; This doesn't prevent these cache files from
|
||||
## expiring after `refresh_delay` hours.
|
||||
|
||||
[sources]
|
||||
|
||||
## An example of a remote source
|
||||
|
||||
[sources.'public-resolvers']
|
||||
url = 'https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md'
|
||||
cache_file = 'public-resolvers.md'
|
||||
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
refresh_delay = 72
|
||||
prefix = ''
|
||||
|
||||
## Another example source, with resolvers censoring some websites not appropriate for children
|
||||
## This is a subset of the `public-resolvers` list, so enabling both is useless
|
||||
|
||||
# [sources.'parental-control']
|
||||
# url = 'https://download.dnscrypt.info/resolvers-list/v2/parental-control.md'
|
||||
# cache_file = 'parental-control.md'
|
||||
# minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
|
||||
|
||||
|
||||
|
||||
## Optional, local, static list of additional servers
|
||||
## Mostly useful for testing your own servers.
|
||||
|
||||
[static]
|
||||
|
||||
# [static.'google']
|
||||
# stamp = 'sdns://AgUAAAAAAAAAACDyXGrcc5eNecJ8nomJCJ-q6eCLTEn6bHic0hWGUwYQaA5kbnMuZ29vZ2xlLmNvbQ0vZXhwZXJpbWVudGFs'
|
|
@ -0,0 +1,12 @@
|
|||
##################################
|
||||
# Forwarding rules #
|
||||
##################################
|
||||
|
||||
## This is used to route specific domain names to specific servers.
|
||||
## The general format is: <domain> <server address> [, <server address>...]
|
||||
## Addresses can be IPv4 and IPv6, and include a non-standard port number.
|
||||
|
||||
## In order to enable this feature, the "forwarding_rules" property needs to
|
||||
## be set to that file name in the main configuration file.
|
||||
|
||||
example.com 9.9.9.9,8.8.8.8
|
|
@ -0,0 +1,7 @@
|
|||
id=dnscrypt-proxy
|
||||
name=DNSCrypt-Proxy 2
|
||||
version=v1
|
||||
versionCode=1
|
||||
author=bluemeda
|
||||
description=A flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2 and DNS-over-HTTP/2.
|
||||
minMagisk=1500
|
Loading…
Reference in New Issue