From a1638d8ca8c6076405ac48dd90df964e5fc3b3c3 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Sat, 6 Jul 2024 22:41:07 +0530
Subject: [PATCH] rico0: setup blocky for dns
---
hosts/rico0/services/apps/blocky.nix | 76 +++++++++++++++++++++++++++
hosts/rico0/services/apps/default.nix | 2 +-
2 files changed, 77 insertions(+), 1 deletion(-)
create mode 100644 hosts/rico0/services/apps/blocky.nix
diff --git a/hosts/rico0/services/apps/blocky.nix b/hosts/rico0/services/apps/blocky.nix
new file mode 100644
index 0000000..e51a7df
--- /dev/null
+++ b/hosts/rico0/services/apps/blocky.nix
@@ -0,0 +1,76 @@
+_: {
+ networking = {
+ firewall = {
+ allowedTCPPorts = [
+ 53 #DNS
+ ];
+ allowedUDPPorts = [
+ 53 #DNS
+ ];
+ };
+ };
+ services.blocky = {
+ enable = true;
+ settings = {
+ bootstrapDns = [ "tcp+udp:1.1.1.1" ];
+ upstreams = {
+ init.strategy = "failOnError";
+ groups = {
+ default = [
+ # Google
+ "tcp+udp:8.8.8.8"
+ "tcp+udp:8.8.4.4"
+ "tcp+udp:2001:4860:4860::8888"
+ "tcp+udp:2001:4860:4860::8844"
+
+ # Quad9
+ "tcp+udp:9.9.9.9"
+ "tcp+udp:149.112.112.112"
+ "tcp+udp:2620:fe::fe"
+ "tcp+udp:2620:fe::9"
+ "tcp-tls:dns.quad9.net:853"
+ "https://dns.quad9.net/dns-query"
+ ];
+ };
+ strategy = "parallel_best";
+ timeout = "2s";
+ userAgent = "Praise the DNS overlords!";
+ };
+ connectIPVersion = "dual";
+ customDNS = {
+ customTTL = "1h";
+ filterUnmappedTypes = true;
+ mapping = {
+ "frp.local.adtya.xyz" = "10.10.10.10,fd7c:585c:c4ae::10";
+ };
+ };
+ conditional = {
+ fallbackUpstream = false;
+ mapping = {
+ "local.adtya.xyz" = "192.168.1.1";
+ "1.168.192.in-addr.arpa" = "192.168.1.1";
+ };
+ };
+ blocking = {
+ denylists = {
+ ads = [
+ "https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
+ ];
+ };
+ clientGroupsBlock = {
+ default = [ "ads" ];
+ };
+ };
+ clientLookup = {
+ upstream = "192.168.1.1";
+ singleNameOrder = [ 2 1 ];
+ };
+ ports = {
+ dns = "192.168.1.10:53,10.10.10.10:53";
+ tls = "192.168.1.10:853,10.10.10.10:853";
+ https = "192.168.1.10:8443,10.10.10.10:8443";
+ http = "192.168.1.10:8080,10.10.10.10:8080";
+ };
+ };
+ };
+}
diff --git a/hosts/rico0/services/apps/default.nix b/hosts/rico0/services/apps/default.nix
index ec78b93..b5a7514 100644
--- a/hosts/rico0/services/apps/default.nix
+++ b/hosts/rico0/services/apps/default.nix
@@ -1,3 +1,3 @@
 _: {
- imports = [ ./transmission.nix ];
+ imports = [ ./blocky.nix ./transmission.nix ];
 }
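Review bot: In blocky.nix the `ports` block starts listeners on 853, 8443 and 8080 on both 192.168.1.10 and 10.10.10.10, but the firewall stanza at the top of the file opens only 53, and no `certFile`/`keyFile` is set for the TLS listeners. As written those three listeners are either unreachable from other hosts or, if the ports are opened elsewhere, they serve a certificate clients have no reason to trust (blocky appears to fall back to a self-signed one) and put the HTTP API, which as far as I know has no authentication, on both networks. I would drop `tls` and `https` until a real certificate is configured and keep the API local with `http = "127.0.0.1:8080";`. Separately, most entries in `upstreams.groups.default` are cleartext `tcp+udp:` resolvers and `parallel_best` mixes Google with Quad9, so lookups leave the host unencrypted and Quad9's filtering applies only when it happens to answer first; consider keeping only the `tcp-tls:` and `https://` Quad9 entries.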