diff --git a/profiles/dnscrypt/default.nix b/profiles/dnscrypt/default.nix
new file mode 100644
index 0000000..a64d06f
--- /dev/null
+++ b/profiles/dnscrypt/default.nix
@@ -0,0 +1,26 @@
+{
+  networking = {
+    nameservers = [ "127.0.0.1" "::1" ];
+    resolvconf.useLocalResolver = true;
+    # If using dhcpcd:
+    dhcpcd.extraConfig = "nohook resolv.conf";
+    # If using NetworkManager:
+    networkmanager.dns = "none";
+  };
+    services.dnscrypt-proxy2 = {
+    enable = true;
+    settings = {
+      ipv6_servers = false;
+      require_dnssec = true;
+
+      sources.public-resolvers = {
+        urls = [
+          "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+          "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+        ];
+        cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+        minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+      };
+    };
+  };
+}
diff --git a/suites/default.nix b/suites/default.nix
index 10b78b4..0d5b164 100644
--- a/suites/default.nix
+++ b/suites/default.nix
@@ -1,6 +1,6 @@
 { profiles, ... }:
 with profiles; rec {
-  base = [ users.root core ];
+  base = [ users.root core dnscrypt ];
   workstation = base ++ [ sway develop game profiles.workstation ssh flatpak torrents pwn tor rust ];
   desktop = workstation ++ [ users.mae-desk amd school three_dee androidev ];
   lap = workstation ++ [ users.mae-lap laptop bluetooth print networkmanager androidev ];