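{ config, ... }:

let
  # Build an attrset that maps every name in `names` to the same `target`;
  # this is the shape blocky expects for `customDNS.mapping` and
  # `conditional.mapping`. The original defined this helper twice
  # (`localDomains` and `opennic`) with identical bodies; it is shared now.
  mapAllTo = names: target:
    builtins.listToAttrs (map (name: { inherit name; value = target; }) names);
in
{
  services.blocky = {
    enable = true;

    # `settings` is rendered to blocky's config file; keys follow blocky's schema.
    settings = {
      caching = {
        minTime = "5m";
        maxTime = "30m";
        prefetching = true;
      };

      ports.dns = 53;

      # Default resolvers, reached over plain UDP/TCP. blocky also accepts the
      # encrypted `https://...` form already used in `bootstrapDns` below if
      # upstream privacy matters on this network.
      upstreams.groups.default = [ "1.1.1.1" "1.0.0.1" ];

      # Resolvers used to look up the upstream hostnames themselves.
      bootstrapDns = [ "tcp+udp:1.1.1.1" "https://1.1.1.1/dns-query" ];

      # Static answers for internal hostnames; every name points at one host.
      customDNS.mapping = mapAllTo [
        "files.internal"
        "qbittorrent.internal"
        "scrutiny.internal"
        "archive.internal"
        "sonarr.internal"
        "radarr.internal"
        "prowlarr.internal"
        "bazarr.internal"
        "lidarr.internal"
        "syncthing.internal"
      ] "100.93.150.89";

      # Forward these alternative TLDs to a dedicated upstream; note this one
      # is also queried unencrypted.
      conditional.mapping = mapAllTo [
        "epic" "geek" "chan" "fur" "cyb" "oss" "pirate" "neo" "libre"
        "dyn" "glue" "indy" "bbs" "gopher" "null" "o" "oz" "parody"
        "bazar" "coin" "lib" "emc" "ku" "uu" "ti" "te"
      ] "138.197.140.189";

      blocking = {
        denylists.ads = [
          "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
        ];
        clientGroupsBlock.default = [ "ads" ];
      };
    };
  };

  # The port is read back from the merged `config` so the firewall follows
  # whatever value `ports.dns` ends up with. These rules open the resolver on
  # every interface the firewall covers; if this host also has a
  # public-facing interface that makes it an open resolver. Scope the rule
  # with `networking.firewall.interfaces.<ifname>.allowedUDPPorts` (and the
  # TCP counterpart) to the interface that should be served.
  networking.firewall = {
    allowedUDPPorts = [ config.services.blocky.settings.ports.dns ];
    allowedTCPPorts = [ config.services.blocky.settings.ports.dns ];
  };
}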