adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rico0: setup blocky for dns

Browse source
This commit is contained in:
Adithya 2024-07-06 22:41:07 +05:30
parent 537373c404
commit a1638d8ca8
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
2 changed files with 77 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

76
hosts/rico0/services/apps/blocky.nix Normal file
View file

@ -0,0 +1,76 @@
_: {
networking = {
firewall = {
allowedTCPPorts = [
53 #DNS
];
allowedUDPPorts = [
53 #DNS
];
};
};
services.blocky = {
enable = true;
settings = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ];
upstreams = {
init.strategy = "failOnError";
groups = {
default = [
# Google
"tcp+udp:8.8.8.8"
"tcp+udp:8.8.4.4"
"tcp+udp:2001:4860:4860::8888"
"tcp+udp:2001:4860:4860::8844"
# Quad9
"tcp+udp:9.9.9.9"
"tcp+udp:149.112.112.112"
"tcp+udp:2620:fe::fe"
"tcp+udp:2620:fe::9"
"tcp-tls:dns.quad9.net:853"
"https://dns.quad9.net/dns-query"
];
};
strategy = "parallel_best";
timeout = "2s";
userAgent = "Praise the DNS overlords!";
};
connectIPVersion = "dual";
customDNS = {
customTTL = "1h";
filterUnmappedTypes = true;
mapping = {
"frp.local.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
};
};
conditional = {
fallbackUpstream = false;
mapping = {
"local.adtya.xyz" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1";
};
};
blocking = {
denylists = {
ads = [
"https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
];
};
clientGroupsBlock = {
default = [ "ads" ];
};
};
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
ports = {
dns = "192.168.1.10:53,10.10.10.10:53";
tls = "192.168.1.10:853,10.10.10.10:853";
https = "192.168.1.10:8443,10.10.10.10:8443";
http = "192.168.1.10:8080,10.10.10.10:8080";
};
};
};
}

2
hosts/rico0/services/apps/default.nix
View file

@ -1,3 +1,3 @@
_: {
imports = [ ./transmission.nix ];
imports = [ ./blocky.nix ./transmission.nix ];
}