peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nixos/hosts/architect/dns.nix
Giulio De Pasquale e250f4a1e1 adblocking
2021-08-23 20:01:35 +02:00

107 lines
2.9 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
{
services = {
dnsmasq = {
enable = true;
servers = ["127.0.0.1#5353"];
extraConfig = ''
localise-queries
min-cache-ttl=120
max-cache-ttl=2400
addn-hosts=/etc/adblock_hosts
'';
};
dnscrypt-proxy2 = {
enable = true;
settings = {
listen_addresses = ["127.0.0.1:5353"];
ipv4_servers = true;
ipv6_servers = false;
block_ipv6 = true;
dnscrypt_servers = true;
doh_servers = true;
require_nolog = true;
require_nofilter = true;
timeout = 350;
lb_strategy = "p4";
lb_estimator = true;
ignore_system_dns = true;
fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"];
cache_min_ttl = 450;
cache_max_ttl = 2400;
};
};
};
systemd = {
timers.update-adblock = {
wantedBy = [ "timers.target" ];
partOf = [ "update-adblock.service" ];
timerConfig.OnCalendar = "daily";
};
services.update-adblock = {
serviceConfig.Type = "oneshot";
requiredBy = [ "dnsmasq.service" ];
postStop = "systemctl restart dnsmasq";
script = ''
#!/bin/sh
EASYLIST_HOSTSNAME="easylist_hosts.txt"
EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt"
STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt"
get_easylist() {
EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt"
tmpfile=`mktemp`
# download easylist
${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
# remove IP addresses and prepend 0.0.0.0 to create hosts file
cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME
rm $tmpfile
}
get_easyprivacy() {
EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt"
tmpfile=`mktemp`
# download easylist
${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
# remove IP addresses and prepend 0.0.0.0 to create hosts file
cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME
rm $tmpfile
}
get_stevenblack() {
STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME
}
get_easylist
get_easyprivacy
get_stevenblack
# create unified file
cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts
rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME
'';
};
};
}
Reference in New Issue View Git Blame Copy Permalink