nix-config/nixos/_mixins/services/blocky.nix


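# NixOS module: runs blocky as the local DNS resolver, forwarding queries to
# Cloudflare over DNS-over-HTTPS and refusing names found on selected
# Block List Project category lists.
_:
let
  # Category name -> list of source URLs, one entry per list published by
  # The Block List Project. Not every category is enforced; see
  # `enabledBlackLists` below.
  #
  # These lists are downloaded by blocky at runtime from a third-party host
  # and are neither pinned nor checksummed here, so whoever controls that
  # content decides which names this resolver refuses to answer.
  fullBlocklistProjectTrackerList = {
    Abuse = [ "https://blocklistproject.github.io/Lists/abuse.txt" ];
    Ads = [ "https://blocklistproject.github.io/Lists/ads.txt" ];
    Crypto = [ "https://blocklistproject.github.io/Lists/crypto.txt" ];
    Drugs = [ "https://blocklistproject.github.io/Lists/drugs.txt" ];
    Everything = [ "https://blocklistproject.github.io/Lists/everything.txt" ];
    Facebook = [ "https://blocklistproject.github.io/Lists/facebook.txt" ];
    Fraud = [ "https://blocklistproject.github.io/Lists/fraud.txt" ];
    Gambling = [ "https://blocklistproject.github.io/Lists/gambling.txt" ];
    Malware = [ "https://blocklistproject.github.io/Lists/malware.txt" ];
    Phishing = [ "https://blocklistproject.github.io/Lists/phishing.txt" ];
    Piracy = [ "https://blocklistproject.github.io/Lists/piracy.txt" ];
    Porn = [ "https://blocklistproject.github.io/Lists/porn.txt" ];
    Ransomware = [ "https://blocklistproject.github.io/Lists/ransomware.txt" ];
    Redirect = [ "https://blocklistproject.github.io/Lists/redirect.txt" ];
    Scam = [ "https://blocklistproject.github.io/Lists/scam.txt" ];
    TikTok = [ "https://blocklistproject.github.io/Lists/tiktok.txt" ];
    Torrent = [ "https://blocklistproject.github.io/Lists/torrent.txt" ];
    Tracking = [ "https://blocklistproject.github.io/Lists/tracking.txt" ];
  };

  # The categories that are actually enforced. Everything, Facebook, Piracy,
  # Porn, Redirect and TikTok are defined above but deliberately left out.
  enabledBlackLists = {
    inherit (fullBlocklistProjectTrackerList)
      Abuse
      Ads
      Crypto
      Drugs
      Fraud
      Gambling
      Malware
      Phishing
      Ransomware
      Scam
      Torrent
      Tracking
      ;
  };
in
{
  services.blocky = {
    enable = true;

    # NOTE(review): `port`, `upstream.default` and `blackLists` are the older
    # blocky key names; newer releases spell them `ports.dns`,
    # `upstreams.groups.default` and `denylists`. Check them against the
    # blocky version this system packages.
    settings = {
      # Standard DNS port. No bind address is given, so who can reach the
      # resolver is decided by the host firewall.
      # NOTE(review): confirm port 53 is only opened to the networks that are
      # meant to use this resolver.
      port = 53;

      # Cloudflare's DNS-over-HTTPS endpoint is the only upstream: every
      # query leaves the host encrypted, and there is no second provider to
      # fall back to.
      upstream.default = [
        "https://one.one.one.one/dns-query"
      ];

      # For initially resolving DoH/DoT requests when no system resolver is
      # available: the endpoint's addresses are listed explicitly so its
      # hostname does not have to be looked up first.
      bootstrapDns = {
        upstream = "https://one.one.one.one/dns-query";
        ips = [
          "1.1.1.1"
          "1.0.0.1"
        ];
      };

      # Enable blocking of certain domains.
      blocking = {
        blackLists = enabledBlackLists;

        # Apply every enabled category to the `default` client group.
        # blocky reads this mapping from `blocking.clientGroupsBlock`; when it
        # is written as a sibling of `blocking` it is outside the documented
        # schema and the lists above would not be assigned to any client.
        clientGroupsBlock = {
          default = builtins.attrNames enabledBlackLists;
        };
      };
    };
  };
}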