New blocklist layout

2024-12-31 13:28:56 -05:00 · 2024-12-31 13:28:56 -05:00 · ae10b6ff92
commit ae10b6ff92
parent 45a4a8820d
7 changed files with 82 additions and 65 deletions
--- a/configs/unbound-local-block.conf
+++ b/configs/unbound-local-block.conf
@ -0,0 +1,5 @@
 server:
  module-config: "respip validator iterator"
 rpz:
  name: local.block
  zonefile: /etc/unbound/ads.zone
--- a/configs/unbound-local.conf
+++ b/configs/unbound-local.conf
@ -1,3 +1,4 @@
 server: 
  private-address: 10.42.69.0/24
  local-zone: "icanttype.org." static
  local-data: "zeus.icanttype.org. IN A 10.42.69.100"
--- a/configs/unbound-threat-zone.conf
+++ b/configs/unbound-threat-zone.conf
@ -0,0 +1,6 @@
 server:
  module-config: "respip validator iterator"
 rpz:
  name: hagezi.tif
  zonefile: hagezi.tif
  url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/tif.txt
--- a/nixos-configurations/orangepihole.nix
+++ b/nixos-configurations/orangepihole.nix
@ -64,12 +64,13 @@
    };
  };
  mainInterface = "end0";
  mainInterfaceConfig = "40-end0";
  networking = {
    hostName = "orangepihole"; # Define your hostname.
    useDHCP = lib.mkDefault true;
  };
-  systemd.network.networks."end0" = {
+  systemd.network.networks."40-end0" = {
    matchConfig.Name = "end0";
    address = [
      "10.42.69.2/24"
--- a/nixos-configurations/zeus.nix
+++ b/nixos-configurations/zeus.nix
@ -136,6 +136,7 @@ in
    { device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }
  ];
  mainInterface = "lan-shim";
  mainInterfaceConfig = "lan-shim";
  networking = {
    hostName = "zeus"; # Define your hostname.
    hostId = "9e95b576";
@ -182,7 +183,10 @@ in
        "10.42.69.100/24"
        "fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
      ];
-      dns = [ "10.42.69.100" "10.42.69.2" ];
+      dns = [
        "10.42.69.100"
        "10.42.69.2"
      ];
      domains = [ "icanttype.org" ];
      gateway = [ "10.42.69.1" ];
      dhcpServerConfig = {
--- a/nixos-modules/dhcp.nix
+++ b/nixos-modules/dhcp.nix
@ -1,7 +1,7 @@
 { config, lib, ... }:
 {
  options = {
-    mainInterface = lib.mkOption {
+    mainInterfaceConfig = lib.mkOption {
      type = lib.types.str;
    };
  };
@ -10,7 +10,7 @@
      67
      68
    ];
-    systemd.network.networks.${config.mainInterface} = {
+    systemd.network.networks.${config.mainInterfaceConfig} = {
      networkConfig = {
        DHCPServer = true;
        IPv6SendRA = true;
--- a/nixos-modules/unbound.nix
+++ b/nixos-modules/unbound.nix
@ -1,23 +1,21 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
-  systemd = {
+
-    services.adblock = {
+  options = {
-      startAt = "daily";
+    mainInterface = lib.mkOption {
-      postStop = "systemctl try-reload-or-restart unbound";
+      type = lib.types.str;
-      path = [
+    };
-        pkgs.gawk
+  };
-        pkgs.wget
+  config = {
-      ];
+    environment.etc."unbound/ads.zone".text = ''
-      script = ''
+      $ORIGIN local.
-        	wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/tif.txt > /tmp/new.conf
+      tiktock.com CNAME .
-                echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
+      *.tiktock.com CNAME .
-        	echo 'local-zone: "iogames.space." always_nxdomain' >> /tmp/new.conf
+      iogames.space CNAME .
-        	echo 'local-zone: "taming.io." always_nxdomain' >> /tmp/new.conf
+      *.iogames.space CNAME .
-                awk '!seen[$0]++' /tmp/new.conf > /etc/unbound/ads.conf
+      taming.io CNAME .
-                rm /tmp/new.conf
+      *.taming.io CNAME .
    '';
    };
  };
    networking = {
      firewall = {
@ -43,10 +41,12 @@
            ];
          };
          include = [
          "/etc/unbound/ads.conf"
            "${../configs/unbound-local.conf}"
            "${../configs/unbound-threat-zone.conf}"
            "${../configs/unbound-local-block.conf}"
          ];
        };
      };
    };
  };
 }