From e250f4a1e19c245188ee85228807c8a721a89c7d Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <depasquale+git@giugl.io>
Date: Mon, 23 Aug 2021 20:01:35 +0200
Subject: [PATCH] adblocking

---
 hosts/architect/default.nix |  34 +---------
 hosts/architect/dns.nix     | 122 ++++++++++++++++++++++++++++--------
 2 files changed, 98 insertions(+), 58 deletions(-)

diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix
index 1885a97..066776a 100644
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@@ -26,6 +26,8 @@ in
       ./matrix.nix
       ./fail2ban.nix
       ./plex.nix
+      ./dns.nix
+      ./minecraft.nix
     ];
 
     time.timeZone                                  = "Europe/Rome";
@@ -147,7 +149,6 @@ in
 
     environment.systemPackages = with pkgs;
     [
-      openiscsi
       wireguard
       cudatoolkit
     ];
@@ -163,37 +164,6 @@ in
       zfs.autoScrub.enable = true;
       xserver.videoDrivers = [ "nvidia" ];
       openssh.enable = true;
-
-      dnsmasq = {
-        enable      = true;
-        servers     = ["127.0.0.1#5353"];
-        extraConfig = ''
-            localise-queries
-            min-cache-ttl=120
-            max-cache-ttl=2400
-        '';
-      };
-
-      dnscrypt-proxy2 = {
-        enable = true;
-        settings = {
-          listen_addresses   = ["127.0.0.1:5353"];
-          ipv4_servers       = true;
-          ipv6_servers       = false;
-          block_ipv6         = true;
-          dnscrypt_servers   = true;
-          doh_servers        = true;
-          require_nolog      = true;
-          require_nofilter   = true;
-          timeout            = 350;
-          lb_strategy        = "p4";
-          lb_estimator       = true;
-          ignore_system_dns  = true;
-          fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
-          cache_min_ttl = 450;
-          cache_max_ttl = 2400;
-        };
-      };
     };
 
     environment.variables = {
diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix
index 1376bf9..fce21d5 100644
--- a/hosts/architect/dns.nix
+++ b/hosts/architect/dns.nix
@@ -1,36 +1,106 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
 {
   services = {
-      dnsmasq = {
-        enable      = true;
-        servers     = ["127.0.0.1#5353"];
-        extraConfig = ''
+    dnsmasq = {
+      enable      = true;
+      servers     = ["127.0.0.1#5353"];
+      extraConfig = ''
             localise-queries
             min-cache-ttl=120
             max-cache-ttl=2400
-        '';
-      };
+            addn-hosts=/etc/adblock_hosts
+      '';
+    };
 
-      dnscrypt-proxy2 = {
-        enable = true;
-        settings = {
-          listen_addresses   = ["127.0.0.1:5353"];
-          ipv4_servers       = true;
-          ipv6_servers       = false;
-          block_ipv6         = true;
-          dnscrypt_servers   = true;
-          doh_servers        = true;
-          require_nolog      = true;
-          require_nofilter   = true;
-          timeout            = 350;
-          lb_strategy        = "p4";
-          lb_estimator       = true;
-          ignore_system_dns  = true;
-          fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
-          cache_min_ttl = 450;
-          cache_max_ttl = 2400;
-        };
+    dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        listen_addresses   = ["127.0.0.1:5353"];
+        ipv4_servers       = true;
+        ipv6_servers       = false;
+        block_ipv6         = true;
+        dnscrypt_servers   = true;
+        doh_servers        = true;
+        require_nolog      = true;
+        require_nofilter   = true;
+        timeout            = 350;
+        lb_strategy        = "p4";
+        lb_estimator       = true;
+        ignore_system_dns  = true;
+        fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
+        cache_min_ttl = 450;
+        cache_max_ttl = 2400;
       };
     };
+  };
+
+  systemd = {
+    timers.update-adblock = {
+      wantedBy = [ "timers.target" ];
+      partOf = [ "update-adblock.service" ];
+      timerConfig.OnCalendar = "daily";
+    };
+
+    services.update-adblock = {
+      serviceConfig.Type = "oneshot";
+      requiredBy = [ "dnsmasq.service" ];
+      postStop = "systemctl restart dnsmasq";
+      script = ''
+      #!/bin/sh
+
+        EASYLIST_HOSTSNAME="easylist_hosts.txt"
+        EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt"
+        STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt"
+
+        get_easylist() {
+        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt"
+
+        tmpfile=`mktemp`
+
+    # download easylist
+        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
+
+    # remove IP addresses and prepend 0.0.0.0 to create hosts file
+        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME
+
+        rm $tmpfile
+        }
+
+        get_easyprivacy() {
+        EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt"
+
+        tmpfile=`mktemp`
+
+    # download easylist
+        ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
+
+    # remove IP addresses and prepend 0.0.0.0 to create hosts file
+
+        cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME
+
+        rm $tmpfile
+        }
+
+        get_stevenblack() {
+        STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
+
+        ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME
+        }
+
+
+        get_easylist
+        get_easyprivacy
+        get_stevenblack
+
+
+# create unified file
+
+        cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts
+
+        rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME
+
+      '';
+    };
+  };
 }