# NixOS module: runs the Blocky DNS proxy as the resolver on this host and
# opens its DNS port in the host firewall.
{ config, ... }:
let
  # Build an attrset in which every entry of `names` maps to the same `target`.
  pointAllAt = target: names:
    builtins.listToAttrs (map (name: { inherit name; value = target; }) names);

  # Single source of truth for the listening port, reused by the firewall rules.
  dnsPort = config.services.blocky.settings.ports.dns;
in
{
  services.blocky = {
    enable = true;

    settings = {
      caching = {
        minTime = "5m";
        maxTime = "30m";
        prefetching = true;
      };

      ports.dns = 53;

      # No scheme prefix, so Blocky speaks plain DNS to these resolvers:
      # queries and answers can be read or altered on path. Blocky also
      # accepts `tcp-tls:` and `https://` upstreams if transport protection
      # towards the upstream is wanted.
      upstreams.groups.default = [
        "1.1.1.1"
        "1.0.0.1"
      ];

      # Resolvers Blocky uses for its own lookups (for example the host name
      # of the blocklist URL below).
      bootstrapDns = [
        "tcp+udp:1.1.1.1"
        "https://1.1.1.1/dns-query"
      ];

      # Static records for the internal services, all on one address.
      # 100.93.150.89 lies in 100.64.0.0/10 (RFC 6598 shared address space);
      # presumably an overlay/VPN address - confirm. Every client that can
      # query this resolver can enumerate these names, so who may reach port
      # 53 also decides who learns the service inventory.
      customDNS.mapping = pointAllAt "100.93.150.89" [
        "files.internal"
        "qbittorrent.internal"
        "scrutiny.internal"
        "archive.internal"
        "sonarr.internal"
        "radarr.internal"
        "prowlarr.internal"
        "bazarr.internal"
        "lidarr.internal"
        "syncthing.internal"
        "stats.internal"
        "promtail.internal"
        "prometheus.internal"
      ];

      # Queries under these TLDs are forwarded to one fixed resolver instead
      # of the default upstream group. NOTE(review): presumably an OpenNIC
      # server - confirm it is still operated by a party you trust. It is a
      # single plain-DNS upstream, so answers for these zones are accepted
      # from that host as-is.
      conditional.mapping = pointAllAt "138.197.140.189" [
        "epic"
        "geek"
        "chan"
        "fur"
        "cyb"
        "oss"
        "pirate"
        "neo"
        "libre"
        "dyn"
        "glue"
        "indy"
        "bbs"
        "gopher"
        "null"
        "o"
        "oz"
        "parody"
        "bazar"
        "coin"
        "lib"
        "emc"
        "ku"
        "uu"
        "ti"
        "te"
      ];

      blocking = {
        # The list is pulled from the moving `master` branch, so its contents
        # change without any review in this repository.
        blackLists.ads = [
          "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
        ];

        clientGroupsBlock.default = [
          "ads"
        ];
      };
    };
  };

  # allowedUDPPorts / allowedTCPPorts apply to every interface. If this host
  # has an internet-facing interface, that exposes the resolver to it; use
  # networking.firewall.interfaces.<name>.allowedUDPPorts / allowedTCPPorts
  # to limit the port to the LAN or overlay interface if that is the intent.
  networking.firewall = {
    allowedUDPPorts = [ dnsPort ];
    allowedTCPPorts = [ dnsPort ];
  };
}