New blocklist layout

Chris Dombroski 2024-12-31 13:28:56 -05:00
parent 45a4a8820d
commit ae10b6ff92
7 changed files with 82 additions and 65 deletions


@ -0,0 +1,5 @@
server:
module-config: "respip validator iterator"
rpz:
name: local.block
zonefile: /etc/unbound/ads.zone
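Review bot: The `name: local.block` on this rpz clause does not match the `$ORIGIN local.` written into the zone text that this commit generates for `/etc/unbound/ads.zone`. With that origin the triggers expand to names such as `taming.io.local.`, which lie outside the `local.block.` zone, so as far as I can tell Unbound will not apply them and the local blocks stop working without any error. Either change the origin to `$ORIGIN local.block.` or rename the zone to match, then confirm by querying one blocked name after a reload. Adding `rpz-log: yes` and `rpz-log-name: "local.block"` here would make policy hits visible in the resolver log.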


@ -1,21 +1,22 @@
private-address: 10.42.69.0/24
local-zone: "icanttype.org." static
local-data: "zeus.icanttype.org. IN A 10.42.69.100"
local-data: "zeus.icanttype.org. IN AAAA fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01"
local-data: "orangepihole.icanttype.org. IN A 10.42.69.2"
local-data-ptr: "10.42.69.100 zeus.icanttype.org"
local-data-ptr: "10.42.69.2 orangepihole.icanttype.org"
local-data: "git.icanttype.org. IN A 10.42.69.100"
local-data: "sonarr.icanttype.org. IN A 10.42.69.100"
local-data: "homeassistant.icanttype.org. IN A 10.42.69.100"
local-data: "www.icanttype.org. IN A 10.42.69.100"
local-data: "radarr.icanttype.org. IN A 10.42.69.100"
local-data: "jellyfin.icanttype.org. IN A 10.42.69.100"
local-data: "zwave.icanttype.org. IN A 10.42.69.100"
local-data: "dashboard.icanttype.org. IN A 10.42.69.100"
local-data: "prowlarr.icanttype.org. IN A 10.42.69.100"
local-data: "readarr.icanttype.org. IN A 10.42.69.100"
local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100"
local-data: "calibre.icanttype.org. IN A 10.42.69.100"
local-data: "calibre-web.icanttype.org. IN A 10.42.69.100"
local-data: "romm.icanttype.org. IN A 10.42.69.100"
server:
private-address: 10.42.69.0/24
local-zone: "icanttype.org." static
local-data: "zeus.icanttype.org. IN A 10.42.69.100"
local-data: "zeus.icanttype.org. IN AAAA fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01"
local-data: "orangepihole.icanttype.org. IN A 10.42.69.2"
local-data-ptr: "10.42.69.100 zeus.icanttype.org"
local-data-ptr: "10.42.69.2 orangepihole.icanttype.org"
local-data: "git.icanttype.org. IN A 10.42.69.100"
local-data: "sonarr.icanttype.org. IN A 10.42.69.100"
local-data: "homeassistant.icanttype.org. IN A 10.42.69.100"
local-data: "www.icanttype.org. IN A 10.42.69.100"
local-data: "radarr.icanttype.org. IN A 10.42.69.100"
local-data: "jellyfin.icanttype.org. IN A 10.42.69.100"
local-data: "zwave.icanttype.org. IN A 10.42.69.100"
local-data: "dashboard.icanttype.org. IN A 10.42.69.100"
local-data: "prowlarr.icanttype.org. IN A 10.42.69.100"
local-data: "readarr.icanttype.org. IN A 10.42.69.100"
local-data: "qbittorrent.icanttype.org. IN A 10.42.69.100"
local-data: "calibre.icanttype.org. IN A 10.42.69.100"
local-data: "calibre-web.icanttype.org. IN A 10.42.69.100"
local-data: "romm.icanttype.org. IN A 10.42.69.100"


@ -0,0 +1,6 @@
server:
module-config: "respip validator iterator"
rpz:
name: hagezi.tif
zonefile: hagezi.tif
url: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/tif.txt
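Review bot: The `url:` line makes the resolver's response policy depend on whatever is currently on the `main` branch of a third-party repository, and an RPZ feed can rewrite answers as well as block them. Adding `rpz-action-override: nxdomain` to this clause would limit a tampered or mistaken feed to blocking only. It is also worth confirming that `tls-cert-bundle` is set in the server clause, since I believe Unbound relies on it to authenticate the HTTPS download. The relative `zonefile: hagezi.tif` should be checked too: it needs to resolve to a directory the unbound user can write. `rpz-log: yes` would record which names this feed blocks.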


@ -64,12 +64,13 @@
};
};
mainInterface = "end0";
mainInterfaceConfig = "40-end0";
networking = {
hostName = "orangepihole"; # Define your hostname.
useDHCP = lib.mkDefault true;
};
systemd.network.networks."end0" = {
systemd.network.networks."40-end0" = {
matchConfig.Name = "end0";
address = [
"10.42.69.2/24"


@ -136,6 +136,7 @@ in
{ device = "/dev/disk/by-uuid/3fca7d18-441c-4f39-adad-ffd882b1f210"; }
];
mainInterface = "lan-shim";
mainInterfaceConfig = "lan-shim";
networking = {
hostName = "zeus"; # Define your hostname.
hostId = "9e95b576";
@ -182,7 +183,10 @@ in
"10.42.69.100/24"
"fd72:3dd5:21ae:3c97:101b:87ff:fe86:5f01/64"
];
dns = [ "10.42.69.100" "10.42.69.2" ];
dns = [
"10.42.69.100"
"10.42.69.2"
];
domains = [ "icanttype.org" ];
gateway = [ "10.42.69.1" ];
dhcpServerConfig = {


@ -1,7 +1,7 @@
{ config, lib, ... }:
{
options = {
mainInterface = lib.mkOption {
mainInterfaceConfig = lib.mkOption {
type = lib.types.str;
};
};
@ -10,7 +10,7 @@
67
68
];
systemd.network.networks.${config.mainInterface} = {
systemd.network.networks.${config.mainInterfaceConfig} = {
networkConfig = {
DHCPServer = true;
IPv6SendRA = true;


@ -1,23 +1,21 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
{
systemd = {
services.adblock = {
startAt = "daily";
postStop = "systemctl try-reload-or-restart unbound";
path = [
pkgs.gawk
pkgs.wget
];
script = ''
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/rpz/tif.txt > /tmp/new.conf
echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
echo 'local-zone: "iogames.space." always_nxdomain' >> /tmp/new.conf
echo 'local-zone: "taming.io." always_nxdomain' >> /tmp/new.conf
awk '!seen[$0]++' /tmp/new.conf > /etc/unbound/ads.conf
rm /tmp/new.conf
options = {
mainInterface = lib.mkOption {
type = lib.types.str;
};
};
config = {
environment.etc."unbound/ads.zone".text = ''
$ORIGIN local.
tiktock.com CNAME .
*.tiktock.com CNAME .
iogames.space CNAME .
*.iogames.space CNAME .
taming.io CNAME .
*.taming.io CNAME .
'';
};
};
networking = {
firewall = {
@ -43,10 +41,12 @@
];
};
include = [
"/etc/unbound/ads.conf"
"${../configs/unbound-local.conf}"
"${../configs/unbound-threat-zone.conf}"
"${../configs/unbound-local-block.conf}"
];
};
};
};
};
}
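Review bot: The generated zone text blocks `tiktock.com` and `*.tiktock.com`, whereas the removed script blocked `tiktok.com.`, so this looks like a typo that leaves the intended domain resolvable. The two lines should read `tiktok.com CNAME .` and `*.tiktok.com CNAME .`. A one-line comment above the zone text, such as `# "CNAME ." is the RPZ NXDOMAIN action`, would help the next reader. The `mainInterface` option declared at the top of this module would also benefit from a `description`.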