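{ config, pkgs, lib, ... }:

# NixOS module: local DNS stack with ad/tracker sinkholing.
#
#   clients -> dnsmasq (cache + /etc/adblock_hosts)
#           -> dnscrypt-proxy2 on 127.0.0.1:5353
#           -> DNSCrypt / DoH upstream resolvers
#
# A daily systemd timer rebuilds /etc/adblock_hosts from three public lists.
{
  services = {
    dnsmasq = {
      enable = true;
      # Everything dnsmasq cannot answer itself is forwarded to the
      # dnscrypt-proxy2 listener configured below.
      servers = [ "127.0.0.1#5353" ];
      extraConfig = ''
        localise-queries
        min-cache-ttl=120
        max-cache-ttl=2400
        addn-hosts=/etc/adblock_hosts
      '';
    };

    dnscrypt-proxy2 = {
      enable = true;
      settings = {
        # Loopback only: the proxy is reachable solely through dnsmasq.
        listen_addresses = [ "127.0.0.1:5353" ];
        ipv4_servers = true;
        ipv6_servers = false;
        block_ipv6 = true;
        dnscrypt_servers = true;
        doh_servers = true;
        # Only use resolvers that declare no logging and no filtering.
        require_nolog = true;
        require_nofilter = true;
        timeout = 350;
        lb_strategy = "p4";
        lb_estimator = true;
        ignore_system_dns = true;
        # These two are plain DNS on port 53, i.e. unencrypted.
        # NOTE(review): newer dnscrypt-proxy releases name this option
        # bootstrap_resolvers; confirm against the packaged version.
        fallback_resolvers = [ "1.1.1.1:53" "9.9.9.9:53" ];
        cache_min_ttl = 450;
        cache_max_ttl = 2400;
      };
    };
  };

  systemd = {
    timers.update-adblock = {
      wantedBy = [ "timers.target" ];
      partOf = [ "update-adblock.service" ];
      timerConfig.OnCalendar = "daily";
    };

    services.update-adblock = {
      serviceConfig.Type = "oneshot";
      # NOTE(review): dnsmasq.service requires this unit while postStop
      # restarts dnsmasq. Confirm on a test host that the restart does not
      # re-trigger this oneshot, and that the downloads can resolve names
      # before dnsmasq is serving.
      # NOTE(review): no User= or sandboxing option is set in this module, so
      # unless one is applied elsewhere the script parses network-fetched
      # content with the default service privileges. The lists come from
      # mutable "master" branches with no integrity pin beyond TLS.
      requiredBy = [ "dnsmasq.service" ];
      postStop = "systemctl restart dnsmasq";
      script = ''
        set -eu

        # Use a private scratch directory rather than the service's working
        # directory, and remove it on every exit path.
        workdir=$(mktemp -d)
        trap 'rm -rf "$workdir"' EXIT

        # The new list is staged next to the live file and renamed into
        # place, so dnsmasq never reads a half-written or truncated list.
        staged=/etc/adblock_hosts.new

        # fetch_adblock_list URL OUTFILE
        # Download an Adblock-syntax list and convert its "||domain" rules
        # into "0.0.0.0 domain" hosts lines.
        fetch_adblock_list() {
          raw=$(mktemp "$workdir/raw.XXXXXX")
          ${pkgs.wget}/bin/wget "$1" -O "$raw"
          # Drop rules that contain an IPv4 address, then keep only the
          # domain that follows the leading "||".
          grep -E -v "([0-9]{1,3}\.){3}[0-9]{1,3}" "$raw" |
            grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" |
            ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > "$2"
          rm -f "$raw"
        }

        fetch_adblock_list "https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt" "$workdir/easylist_hosts.txt"
        fetch_adblock_list "https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt" "$workdir/easyprivacy_hosts.txt"

        # This list is fetched as-is; its lines are only checked by the
        # filter in the merge step below.
        ${pkgs.wget}/bin/wget "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts" -O "$workdir/stevenblack_hosts.txt"

        # Merge and de-duplicate. Only literal "0.0.0.0 <name>" sinkhole
        # entries are accepted: a looser "starts with 0" filter would let any
        # other address beginning with 0 from a downloaded list reach
        # addn-hosts.
        sort "$workdir"/*_hosts.txt | uniq |
          grep -E '^0\.0\.0\.0[[:space:]]' > "$staged" || true

        # Keep the previous list if the merge produced nothing, so a bad or
        # empty download does not silently disable blocking.
        if [ ! -s "$staged" ]; then
          echo "update-adblock: merged list is empty, keeping previous /etc/adblock_hosts" >&2
          rm -f "$staged"
          exit 1
        fi

        mv "$staged" /etc/adblock_hosts
      '';
    };
  };
}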