sako/nixos
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

blocky dns :)

Browse source
This commit is contained in:
Sakooooo 2024-12-31 17:46:18 +04:00
parent 4e0d5d9a8f
commit 905c5c2119
Signed by: sako
GPG key ID: 3FD715D87D7725E0
4 changed files with 241 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
hosts/sakoserver/configuration.nix
View file

@ -35,7 +35,12 @@
# networking.firewall.allowedTCPPorts = []; # networking.firewall.allowedTCPPorts = [];
# networking.firewall.allowedUDPPorts = []; # networking.firewall.allowedUDPPorts = [];
void = { server = { isServer = true; }; }; void = {
server = {
isServer = true;
dns.blocky.enable = true;
};
};
# https://nixos.org/manual/nixos/stable/#sec-upgrading # https://nixos.org/manual/nixos/stable/#sec-upgrading
# don't change this pls ty ily thanks # don't change this pls ty ily thanks

2
modules/server/default.nix
View file

@ -2,7 +2,7 @@
with lib; with lib;
let cfg = config.void.server; let cfg = config.void.server;
in { in {
imports = [ ]; imports = [ ./dns ];
options.void.server = { isServer = mkEnableOption false; }; options.void.server = { isServer = mkEnableOption false; };

233
modules/server/dns/blocky/default.nix Normal file
View file

@ -0,0 +1,233 @@
{ config, lib, ... }:
with lib;
let cfg = config.void.server.dns.blocky;
in {
imports = [ ];
options.void.server.dns.blocky = { enable = mkEnableOption false; };
config = mkIf cfg.isServer {
services.blocky = {
enable = true;
settings = {
log = {
level = "warn";
format = "json";
timestamp = "false";
privacy = "true";
};
caching = {
minTime = "20m";
prefetching = true;
};
upstreams = {
groups = {
default = [
# CF
"1.1.1.1"
"1.0.0.1"
# google
"8.8.8.8"
# quad9
"9.9.9.9"
];
};
};
bootstrapDns = [ "tcp+udp:1.1.1.1" ];
blocking = {
denylists.ads = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/ncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
allowlists.ads = [
"clients4.google.com"
"clients2.google.com"
"www.googleapis.com"
"youtubei.googleapis.com"
"oauthaccountmanager.googleapis.com"
"s.youtube.com"
"video-stats.l.google.com"
"android.clients.google.com"
"gstaticadssl.l.google.com"
"googleapis.l.google.com"
"www.msftncsi.com"
"www.msftconnecttest.com"
"outlook.office365.com"
"products.office.com"
"c.s-microsoft.com"
"i.s-microsoft.com"
"login.live.com"
"login.microsoftonline.com"
"g.live.com"
"dl.delivery.mp.microsoft.com"
"geo-prod.do.dsp.mp.microsoft.com"
"displaycatalog.mp.microsoft.com"
"sls.update.microsoft.com.akadns.net"
"fe3.delivery.dsp.mp.microsoft.com.nsatc.net"
"tlu.dl.delivery.mp.microsoft.com"
"clientconfig.passport.net"
"v10.events.data.microsoft.com"
"v20.events.data.microsoft.com"
"client-s.gateway.messenger.live.com"
"arc.msn.com"
"activity.windows.com"
"xbox.ipv6.microsoft.com"
"device.auth.xboxlive.com"
"title.mgt.xboxlive.com"
"xsts.auth.xboxlive.com"
"title.auth.xboxlive.com"
"ctldl.windowsupdate.com"
"attestation.xboxlive.com"
"xboxexperiencesprod.experimentation.xboxlive.com"
"xflight.xboxlive.com"
"cert.mgt.xboxlive.com"
"xkms.xboxlive.com"
"def-vef.xboxlive.com"
"notify.xboxlive.com"
"help.ui.xboxlive.com"
"licensing.xboxlive.com"
"eds.xboxlive.com"
"www.xboxlive.com"
"v10.vortex-win.data.microsoft.com"
"settings-win.data.microsoft.com"
"officeclient.microsoft.com"
"itunes.apple.com"
"s.mzstatic.com"
"appleid.apple.com"
"gsp-ssl.ls.apple.com"
"gsp-ssl.ls-apple.com.akadns.net"
"connectivitycheck.android.com"
"clients3.google.com"
"connectivitycheck.gstatic.com"
"msftncsi.com"
"ipv6.msftncsi.com"
"captive.apple.com"
"gsp1.apple.com"
"www.apple.com"
"www.appleiphonecell.com"
"spclient.wg.spotify.com"
"apresolve.spotify.com"
"upload.facebook.com"
"creative.ak.fbcdn.net"
"external-lhr1-1.xx.fbcdn.net"
"external-lhr0-1.xx.fbcdn.net"
"external-lhr10-1.xx.fbcdn.net"
"external-lhr2-1.xx.fbcdn.net"
"external-lhr3-1.xx.fbcdn.net"
"external-lhr4-1.xx.fbcdn.net"
"external-lhr5-1.xx.fbcdn.net"
"external-lhr6-1.xx.fbcdn.net"
"external-lhr7-1.xx.fbcdn.net"
"external-lhr8-1.xx.fbcdn.net"
"external-lhr9-1.xx.fbcdn.net"
"fbcdn-creative-a.akamaihd.net"
"scontent-lhr3-1.xx.fbcdn.net"
"scontent.xx.fbcdn.net"
"scontent.fgdl5-1.fna.fbcdn.net"
"graph.facebook.com"
"b-graph.facebook.com"
"connect.facebook.com"
"cdn.fbsbx.com"
"api.facebook.com"
"edge-mqtt.facebook.com"
"mqtt.c10r.facebook.com"
"portal.fb.com"
"star.c10r.facebook.co"
"star-mini.c10r.facebook.com"
"b-api.facebook.com"
"fb.me"
"bigzipfiles.facebook.com"
"l.facebook.com"
"www.facebook.com"
"scontent-atl3-1.xx.fbcdn.net"
"static.xx.fbcdn.net"
"edge-chat.messenger.com"
"video.xx.fbcdn.net"
"external-ort2-1.xx.fbcdn.net"
"scontent-ort2-1.xx.fbcdn.net"
"edge-chat.facebook.com"
"scontent-mia3-1.xx.fbcdn.net"
"web.facebook.com"
"rupload.facebook.com"
"l.messenger.com"
"gravatar.com"
"thetvdb.com"
"themoviedb.com"
"chtbl.com"
"services.sonarr.tv"
"skyhook.sonarr.tv"
"download.sonarr.tv"
"apt.sonarr.tv"
"forums.sonarr.tv"
"placehold.it"
"placeholdit.imgix.net"
"dl.dropboxusercontent.com"
"ns1.dropbox.com"
"ns2.dropbox.com"
"gfwsl.geforce.com"
"delivery.vidible.tv"
"img.vidible.tv"
"videos.vidible.tv"
"edge.api.brightcove.com"
"cdn.vidible.tv"
"tracking.epicgames.com"
"cloudsync-prod.s3.amazonaws.com"
"tracking-protection.cdn.mozilla.net"
"telemetry-console.api.playstation.com"
"styles.redditmedia.com"
"www.redditstatic.com"
"reddit.map.fastly.net"
"www.redditmedia.com"
"reddit-uploaded-media.s3-accelerate.amazonaws.com"
"wa.me"
"www.wa.me"
"ud-chat.signal.org"
"chat.signal.org"
"storage.signal.org"
"signal.org"
"updates2.signal.org"
"textsecure-service-whispersystems.org"
"giphy-proxy-production.whispersystems.org"
"cdn.signal.org"
"whispersystems-textsecure-attachments.s3-accelerate.amazonaws.com"
"d83eunklitikj.cloudfront.net"
"souqcdn.com"
"cms.souqcdn.com"
"api.directory.signal.org"
"contentproxy.signal.org"
"turn1.whispersystems.org"
"twitter.com"
"upload.twitter.com"
"api.twitter.com"
"mobile.twitter.com"
];
clientGroupsBlock.default = [ ads ];
};
customDNS = {
customTTL = "1h";
filterUnmappedTypes = true;
mapping = { "sako.box" = "192.168.1.28"; };
};
ports = {
dns = 53;
http = 4000;
};
};
};
};
}

1
modules/server/dns/default.nix Normal file
View file

@ -0,0 +1 @@
{ imports = [ ./blocky ]; }