rico0: https to blocky

Adithya 2024-07-17 11:25:43 +05:30
parent 16143e92bb
commit 479f3c3da8
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C


@ -10,78 +10,88 @@ _: {
}; };
}; };
systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ]; systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
services.blocky = { services = {
enable = true; caddy = {
settings = { virtualHosts."blocky.labs.adtya.xyz" = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ]; extraConfig = ''
upstreams = { reverse_proxy 127.0.0.1:8080
init.strategy = "blocking"; tls /persist/secrets/caddy/certs/blocky.crt /persist/secrets/caddy/certs/blocky.key
groups = { '';
default = [ };
# Cloudflare };
"tcp+udp:1.1.1.1" blocky = {
enable = true;
settings = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ];
upstreams = {
init.strategy = "blocking";
groups = {
default = [
# Cloudflare
"tcp+udp:1.1.1.1"
# Google # Google
"tcp+udp:8.8.8.8" "tcp+udp:8.8.8.8"
"tcp+udp:8.8.4.4" "tcp+udp:8.8.4.4"
# Quad9 # Quad9
"tcp+udp:9.9.9.9" "tcp+udp:9.9.9.9"
"tcp+udp:149.112.112.112" "tcp+udp:149.112.112.112"
"tcp-tls:dns.quad9.net:853" "tcp-tls:dns.quad9.net:853"
"https://dns.quad9.net/dns-query" "https://dns.quad9.net/dns-query"
]; ];
};
strategy = "parallel_best";
timeout = "2s";
userAgent = "Praise the DNS overlords!";
}; };
strategy = "parallel_best"; connectIPVersion = "v4";
timeout = "2s"; customDNS = {
userAgent = "Praise the DNS overlords!"; customTTL = "1h";
}; filterUnmappedTypes = true;
connectIPVersion = "v4"; mapping = {
customDNS = { "frp.labs.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
customTTL = "1h"; "blocky.labs.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
filterUnmappedTypes = true; "prometheus.labs.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
mapping = { "transmission.labs.adtya.xyz" = "10.10.10.14,fd7c:585c:c4ae::14";
"frp.labs.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10"; };
"prometheus.labs.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
"transmission.labs.adtya.xyz" = "10.10.10.14,fd7c:585c:c4ae::14";
}; };
}; conditional = {
conditional = { fallbackUpstream = false;
fallbackUpstream = false; mapping = {
mapping = { "local.adtya.xyz" = "192.168.1.1";
"local.adtya.xyz" = "192.168.1.1"; "1.168.192.in-addr.arpa" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1"; };
}; };
}; blocking = {
blocking = { denylists = {
denylists = { ads = [
ads = [ "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
"https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt" ];
]; };
clientGroupsBlock = {
default = [ "ads" ];
};
}; };
clientGroupsBlock = { clientLookup = {
default = [ "ads" ]; upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
prometheus = {
enable = true;
path = "/metrics";
};
ports = {
dns = "192.168.1.10:53,10.10.10.10:53";
tls = "192.168.1.10:853,10.10.10.10:853";
http = "127.0.0.1:8080";
};
log = {
level = "warn";
format = "json";
timestamp = true;
privacy = true;
}; };
};
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
prometheus = {
enable = true;
path = "/metrics";
};
ports = {
dns = "192.168.1.10:53,10.10.10.10:53";
tls = "192.168.1.10:853,10.10.10.10:853";
https = "192.168.1.10:8443,10.10.10.10:8443";
http = "192.168.1.10:8080,10.10.10.10:8080";
};
log = {
level = "warn";
format = "json";
timestamp = true;
privacy = true;
}; };
}; };
}; };
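Review bot: The new `virtualHosts."blocky.labs.adtya.xyz"` block proxies every path to `127.0.0.1:8080` with no access restriction, so Blocky's control API (blocking enable/disable, list refresh) and the `/metrics` endpoint enabled under `prometheus` are served to any client that can reach Caddy. The old `ports.http`/`ports.https` values pinned the listener to `192.168.1.10` and `10.10.10.10`. Unless a `bind` is set somewhere outside this hunk, Caddy listens on all interfaces, which may widen exposure on a host that also runs `wireguard-wg0`. I would scope the proxy inside `extraConfig`, for example `@internal remote_ip 192.168.1.0/24 10.10.10.0/24 fd7c:585c:c4ae::/64` followed by `reverse_proxy @internal 127.0.0.1:8080`. The prefix lengths are inferred from the addresses in this file and need confirming. A short comment beside the `tls` line stating that `/persist/secrets/caddy/certs/blocky.key` must be readable only by the Caddy service user would also help, since the file's permissions are not visible here. The enclosing attribute set begins before this hunk.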