diff --git a/flake.nix b/flake.nix
index 3573116..9b43a06 100644
--- a/flake.nix
+++ b/flake.nix
@@ -29,10 +29,11 @@
         laptop = nixpkgs.lib.nixosSystem {
           inherit system;
           modules = [
-            ./sys/laptop
-            hosts.nixosModule
-            # ./modules/gaming.nix
             ./hardware-configuration.nix
+            ./sys/laptop
+            ./modules/dnscrypt
+            hosts.nixosModule
+            # ./modules/gaming
           ];
         };
       };
diff --git a/modules/dnscrypt/default.nix b/modules/dnscrypt/default.nix
new file mode 100644
index 0000000..8c95e96
--- /dev/null
+++ b/modules/dnscrypt/default.nix
@@ -0,0 +1,26 @@
+{
+  networking = {
+    nameservers = [ "127.0.0.1" "::1" ];
+    dhcpcd.extraConfig = "nohook resolv.conf";
+  };
+
+  services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = true;
+      require_dnssec = true;
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+    };
+  };
+  systemd.services.dnscrypt-proxy2.serviceConfig = {
+    StateDirectory = "dnscrypt-proxy";
+  };
+}
+
diff --git a/modules/gaming.nix b/modules/gaming/default.nix
similarity index 100%
rename from modules/gaming.nix
rename to modules/gaming/default.nix