rico1: add blocky

This commit is contained in:
Adithya 2024-10-27 18:34:32 +05:30
parent 26d166e0d1
commit e1556fa6cb
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
2 changed files with 142 additions and 0 deletions

View file

@ -0,0 +1,141 @@
{ pkgs, ... }:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "blocky.labs.adtya.xyz";
in
{
networking = {
firewall = {
allowedTCPPorts = [
53 #DNS
];
allowedUDPPorts = [
53 #DNS
];
};
};
systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat domainName;
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky = {
enable = true;
settings = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ];
upstreams = {
init.strategy = "blocking";
groups = {
default = [
# Cloudflare
"tcp+udp:1.1.1.1"
# Google
"tcp+udp:8.8.8.8"
"tcp+udp:8.8.4.4"
# Quad9
"tcp+udp:9.9.9.9"
"tcp+udp:149.112.112.112"
"tcp-tls:dns.quad9.net:853"
"https://dns.quad9.net/dns-query"
];
};
strategy = "parallel_best";
timeout = "2s";
userAgent = "Praise the DNS overlords!";
};
connectIPVersion = "v4";
customDNS = {
customTTL = "1h";
filterUnmappedTypes = true;
mapping = {
# Local (Home Network)
"gateway.local.adtya.xyz" = "192.168.0.1";
"ap1.local.adtya.xyz" = "192.168.1.1";
"ap2.local.adtya.xyz" = "192.168.1.2";
"switch.local.adtya.xyz" = "192.168.1.3";
"jellyfin.local.adtya.xyz" = "192.168.1.14";
# Labs (Homelab)
"gateway.labs.adtya.xyz" = "10.10.10.10";
"ap1.labs.adtya.xyz" = "10.10.10.10";
"ap2.labs.adtya.xyz" = "10.10.10.10";
"switch.labs.adtya.xyz" = "10.10.10.10";
"proxy.labs.adtya.xyz" = "10.10.10.1";
"skipper.labs.adtya.xyz" = "10.10.10.2";
"rico0.labs.adtya.xyz" = "10.10.10.10";
"rico1.labs.adtya.xyz" = "10.10.10.11";
"rico2.labs.adtya.xyz" = "10.10.10.12";
"wynne.labs.adtya.xyz" = "10.10.10.13";
"layne.labs.adtya.xyz" = "10.10.10.14";
"alertmanager.labs.adtya.xyz" = "10.10.10.10";
"blocky.labs.adtya.xyz" = "10.10.10.11";
"frp.labs.adtya.xyz" = "10.10.10.10";
"grafana.labs.adtya.xyz" = "10.10.10.10";
"loki.labs.adtya.xyz" = "10.10.10.11";
"prometheus.labs.adtya.xyz" = "10.10.10.10";
"transmission.labs.adtya.xyz" = "10.10.10.14";
"jellyfin.labs.adtya.xyz" = "10.10.10.14";
"radarr.labs.adtya.xyz" = "10.10.10.14";
"sonarr.labs.adtya.xyz" = "10.10.10.14";
"readarr.labs.adtya.xyz" = "10.10.10.14";
"jackett.labs.adtya.xyz" = "10.10.10.14";
};
};
conditional = {
fallbackUpstream = false;
mapping = {
"local.adtya.xyz" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1";
};
};
blocking = {
denylists = {
ads = [
"https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
];
pihole = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
];
};
allowlists = {
pihole = [
(pkgs.writeText "allowlist.txt" ''
s.youtube.com
'')
];
};
clientGroupsBlock = {
default = [ "ads" "pihole" ];
};
};
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
prometheus = {
enable = true;
path = "/metrics";
};
ports = {
dns = "192.168.1.11:53,10.10.10.11:53";
tls = "192.168.1.11:853,10.10.10.11:853";
http = "127.0.0.1:8080";
};
log = {
level = "warn";
format = "json";
timestamp = true;
privacy = true;
};
};
};
};
}

View file

@ -3,6 +3,7 @@ _: {
./adtya.xyz.nix ./adtya.xyz.nix
./proofs.nix ./proofs.nix
./wiki.nix ./wiki.nix
./blocky.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix
]; ];