adblocking

2021-08-23 20:01:35 +02:00 · 2021-08-23 20:01:35 +02:00 · e250f4a1e1
commit e250f4a1e1
parent 3b740547c4
2 changed files with 98 additions and 58 deletions
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -26,6 +26,8 @@ in
      ./matrix.nix
      ./fail2ban.nix
      ./plex.nix
+      ./dns.nix
+      ./minecraft.nix
    ];

    time.timeZone                                  = "Europe/Rome";
@ -147,7 +149,6 @@ in

    environment.systemPackages = with pkgs;
    [
-      openiscsi
      wireguard
      cudatoolkit
    ];
@ -163,37 +164,6 @@ in
      zfs.autoScrub.enable = true;
      xserver.videoDrivers = [ "nvidia" ];
      openssh.enable = true;
-
-      dnsmasq = {
-        enable      = true;
-        servers     = ["127.0.0.1#5353"];
-        extraConfig = ''
-            localise-queries
-            min-cache-ttl=120
-            max-cache-ttl=2400
-        '';
-      };
-
-      dnscrypt-proxy2 = {
-        enable = true;
-        settings = {
-          listen_addresses   = ["127.0.0.1:5353"];
-          ipv4_servers       = true;
-          ipv6_servers       = false;
-          block_ipv6         = true;
-          dnscrypt_servers   = true;
-          doh_servers        = true;
-          require_nolog      = true;
-          require_nofilter   = true;
-          timeout            = 350;
-          lb_strategy        = "p4";
-          lb_estimator       = true;
-          ignore_system_dns  = true;
-          fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
-          cache_min_ttl = 450;
-          cache_max_ttl = 2400;
-        };
-      };
    };

    environment.variables = {
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@ -1,36 +1,106 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:

 {
  services = {
-      dnsmasq = {
-        enable      = true;
-        servers     = ["127.0.0.1#5353"];
-        extraConfig = ''
+    dnsmasq = {
+      enable      = true;
+      servers     = ["127.0.0.1#5353"];
+      extraConfig = ''
            localise-queries
            min-cache-ttl=120
            max-cache-ttl=2400
-        '';
-      };
+            addn-hosts=/etc/adblock_hosts
+      '';
+    };

-      dnscrypt-proxy2 = {
-        enable = true;
-        settings = {
-          listen_addresses   = ["127.0.0.1:5353"];
-          ipv4_servers       = true;
-          ipv6_servers       = false;
-          block_ipv6         = true;
-          dnscrypt_servers   = true;
-          doh_servers        = true;
-          require_nolog      = true;
-          require_nofilter   = true;
-          timeout            = 350;
-          lb_strategy        = "p4";
-          lb_estimator       = true;
-          ignore_system_dns  = true;
-          fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
-          cache_min_ttl = 450;
-          cache_max_ttl = 2400;
-        };
+    dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        listen_addresses   = ["127.0.0.1:5353"];
+        ipv4_servers       = true;
+        ipv6_servers       = false;
+        block_ipv6         = true;
+        dnscrypt_servers   = true;
+        doh_servers        = true;
+        require_nolog      = true;
+        require_nofilter   = true;
+        timeout            = 350;
+        lb_strategy        = "p4";
+        lb_estimator       = true;
+        ignore_system_dns  = true;
+        fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
+        cache_min_ttl = 450;
+        cache_max_ttl = 2400;
      };
    };
+  };
+
+  systemd = {
+    timers.update-adblock = {
+      wantedBy = [ "timers.target" ];
+      partOf = [ "update-adblock.service" ];
+      timerConfig.OnCalendar = "daily";
+    };
+
+    services.update-adblock = {
+      serviceConfig.Type = "oneshot";
+      requiredBy = [ "dnsmasq.service" ];
+      postStop = "systemctl restart dnsmasq";
+      script = ''
+      #!/bin/sh
+
+        EASYLIST_HOSTSNAME="easylist_hosts.txt"
+        EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt"
+        STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt"
+
+        get_easylist() {
+        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt"
+
+        tmpfile=`mktemp`
+
+    # download easylist
+        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
+
+    # remove IP addresses and prepend 0.0.0.0 to create hosts file
+        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME
+
+        rm $tmpfile
+        }
+
+        get_easyprivacy() {
+        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt"
+
+        tmpfile=`mktemp`
+
+    # download easylist
+        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
+
+    # remove IP addresses and prepend 0.0.0.0 to create hosts file
+
+        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME
+
+        rm $tmpfile
+        }
+
+        get_stevenblack() {
+        STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
+
+        ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME
+        }
+
+
+        get_easylist
+        get_easyprivacy
+        get_stevenblack
+
+
+# create unified file
+
+        cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts
+
+        rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME
+
+      '';
+    };
+  };
 }