nixOS flake part with cascaded DNS encryption levels #3246
adingbatponder
started this conversation in
Show and tell
I wanted to MASSIVELY thank all involved in making this fabulous tool and those who run the servers/relays.
I used it to make a 4-layer cascaded DNS encryption tool for nixOS and Gnome. (I used Claude Code Opus 4.8 of course... disclaimer.) It starts with highest level DNScrypt-proxy2 using the available servers/relays and falls back down via TCP version, DoH to the lowest DoT level if there is a temporary instability in the relays, aiming to get back to highest.
The gnome header bar shows the current level which can flip to lower ones.
How:
flake part, see file https://codeberg.org/adingbatponder/reticulum_nixos_flake/src/branch/main/parts/security.nix
line: `dns-cascade = import ../features/security/modules/dns-cascade.nix;`
The gnome header bar is in the home manager part of flake.
I test with https://dnsleaktest.com and the results are fab.
I am sure I have only scraped the surface of what is possible.
My motivation was to study and find the closest thing I can find to settings in normal web use that give at least some features of encrypted mesh networks like reticulum. Having knowledge of the "next best thing" and the setup needed to achieve it is of huge explanatory value.
My conclusion was that without ECH being used by third parties on their servers/websites/hosts the normal web's next best thing is your setup. It answered a lot of questions for me and was a very interesting beginning and learning experience: and made my privacy settings better than they have ever been.
Bravo!