52 lines
1.3 KiB
Nix
52 lines
1.3 KiB
Nix
{ config, pkgs, ... }:
|
|
{
|
|
systemd = {
|
|
services.adblock = {
|
|
startAt = "daily";
|
|
postStop = "systemctl try-reload-or-restart unbound";
|
|
path = [
|
|
pkgs.gawk
|
|
pkgs.wget
|
|
];
|
|
script = ''
|
|
wget -nv -O - https://raw.githubusercontent.com/hagezi/dns-blocklists/main/unbound/tif.blacklist.conf > /tmp/new.conf
|
|
echo 'local-zone: "tiktok.com." always_nxdomain' >> /tmp/new.conf
|
|
echo 'local-zone: "iogames.space." always_nxdomain' >> /tmp/new.conf
|
|
echo 'local-zone: "taming.io." always_nxdomain' >> /tmp/new.conf
|
|
awk '!seen[$0]++' /tmp/new.conf > /etc/unbound/ads.conf
|
|
rm /tmp/new.conf
|
|
'';
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
firewall = {
|
|
allowedUDPPorts = [
|
|
53
|
|
];
|
|
allowedTCPPorts = [ 53 ];
|
|
};
|
|
};
|
|
|
|
services = {
|
|
unbound = {
|
|
enable = true;
|
|
localControlSocketPath = "/var/lib/unbound/control.sock";
|
|
settings = {
|
|
server = {
|
|
do-ip6 = "no";
|
|
qname-minimisation = "yes";
|
|
interface = [ config.mainInterface ];
|
|
access-control = [
|
|
"10.0.0.0/8 allow"
|
|
"fc::/7 allow"
|
|
];
|
|
};
|
|
include = [
|
|
"/etc/unbound/ads.conf"
|
|
"${../configs/unbound-local.conf}"
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|