From e250f4a1e19c245188ee85228807c8a721a89c7d Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Mon, 23 Aug 2021 20:01:35 +0200 Subject: [PATCH] adblocking --- hosts/architect/default.nix | 34 +--------- hosts/architect/dns.nix | 122 ++++++++++++++++++++++++++++-------- 2 files changed, 98 insertions(+), 58 deletions(-) diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 1885a97..066776a 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -26,6 +26,8 @@ in ./matrix.nix ./fail2ban.nix ./plex.nix + ./dns.nix + ./minecraft.nix ]; time.timeZone = "Europe/Rome"; @@ -147,7 +149,6 @@ in environment.systemPackages = with pkgs; [ - openiscsi wireguard cudatoolkit ]; @@ -163,37 +164,6 @@ in zfs.autoScrub.enable = true; xserver.videoDrivers = [ "nvidia" ]; openssh.enable = true; - - dnsmasq = { - enable = true; - servers = ["127.0.0.1#5353"]; - extraConfig = '' - localise-queries - min-cache-ttl=120 - max-cache-ttl=2400 - ''; - }; - - dnscrypt-proxy2 = { - enable = true; - settings = { - listen_addresses = ["127.0.0.1:5353"]; - ipv4_servers = true; - ipv6_servers = false; - block_ipv6 = true; - dnscrypt_servers = true; - doh_servers = true; - require_nolog = true; - require_nofilter = true; - timeout = 350; - lb_strategy = "p4"; - lb_estimator = true; - ignore_system_dns = true; - fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; - cache_min_ttl = 450; - cache_max_ttl = 2400; - }; - }; }; environment.variables = { diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix index 1376bf9..fce21d5 100644 --- a/hosts/architect/dns.nix +++ b/hosts/architect/dns.nix 
@@ -1,36 +1,106 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { services = { - dnsmasq = { - enable = true; - servers = ["127.0.0.1#5353"]; - extraConfig = '' + dnsmasq = { + enable = true; + servers = ["127.0.0.1#5353"]; + extraConfig = '' localise-queries min-cache-ttl=120 max-cache-ttl=2400 - ''; - }; + addn-hosts=/etc/adblock_hosts + ''; + }; - dnscrypt-proxy2 = { - enable = true; - settings = { - listen_addresses = ["127.0.0.1:5353"]; - ipv4_servers = true; - ipv6_servers = false; - block_ipv6 = true; - dnscrypt_servers = true; - doh_servers = true; - require_nolog = true; - require_nofilter = true; - timeout = 350; - lb_strategy = "p4"; - lb_estimator = true; - ignore_system_dns = true; - fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; - cache_min_ttl = 450; - cache_max_ttl = 2400; - }; + dnscrypt-proxy2 = { + enable = true; + settings = { + listen_addresses = ["127.0.0.1:5353"]; + ipv4_servers = true; + ipv6_servers = false; + block_ipv6 = true; + dnscrypt_servers = true; + doh_servers = true; + require_nolog = true; + require_nofilter = true; + timeout = 350; + lb_strategy = "p4"; + lb_estimator = true; + ignore_system_dns = true; + fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; + cache_min_ttl = 450; + cache_max_ttl = 2400; }; }; + }; + + systemd = { + timers.update-adblock = { + wantedBy = [ "timers.target" ]; + partOf = [ "update-adblock.service" ]; + timerConfig.OnCalendar = "daily"; + }; + + services.update-adblock = { + serviceConfig.Type = "oneshot"; + requiredBy = [ "dnsmasq.service" ]; + postStop = "systemctl restart dnsmasq"; + script = '' + #!/bin/sh + + EASYLIST_HOSTSNAME="easylist_hosts.txt" + EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt" + STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt" + + get_easylist() { + EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt" + + tmpfile=`mktemp` + + # download easylist + ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile + + # remove IP 
addresses and prepend 0.0.0.0 to create hosts file + cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME + + rm $tmpfile + } + + get_easyprivacy() { + EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt" + + tmpfile=`mktemp` + + # download easylist + ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile + + # remove IP addresses and prepend 0.0.0.0 to create hosts file + + cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME + + rm $tmpfile + } + + get_stevenblack() { + STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts" + + ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME + } + + + get_easylist + get_easyprivacy + get_stevenblack + + +# create unified file + + cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts + + rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME + + ''; + }; + }; }
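Review bot: The `update-adblock` script copies unpinned remote content (three `master`-branch URLs) into the hosts file that dnsmasq serves, and the only gate on the final line is `grep "^0"`, which accepts any line that merely starts with a zero. Matching the sinkhole address explicitly keeps a changed or tampered upstream file from adding other mappings. The intermediate files are written by relative name and collected with `cat *hosts.txt`, and the visible unit sets no `WorkingDirectory` or `User`, so the job presumably runs as root in systemd's default directory, where the glob also picks up anything else that matches; a private scratch directory avoids that. The redirect into `/etc/adblock_hosts` truncates the live file before the pipeline has produced anything, so it is safer to build the file next to the target and rename it. Separately, `requiredBy = [ "dnsmasq.service" ]` combined with `postStop = "systemctl restart dnsmasq"` looks like it could re-trigger this unit on every dnsmasq restart, which is worth confirming on a running system.

```nix
script = ''
  # … unchanged: *_HOSTSNAME variables, get_easylist, get_easyprivacy, get_stevenblack …

  # work in a private scratch directory so the glob below only sees our own files
  workdir=$(mktemp -d)
  trap 'rm -rf "$workdir"' EXIT
  cd "$workdir"

  # … unchanged: calls to get_easylist, get_easyprivacy, get_stevenblack …

  # keep only sinkhole entries, then swap the result into place with a single rename
  cat *hosts.txt | grep -E '^0\.0\.0\.0[[:space:]]' | sort -u > /etc/adblock_hosts.new
  mv /etc/adblock_hosts.new /etc/adblock_hosts
'';
```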