SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 18:59:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

nameservers/recursive: Add option to block ads

Browse source
This commit is contained in:
SebastianStork 2026-03-04 15:14:27 +01:00
parent 97b64f459e
commit fc6eafab59
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
3 changed files with 42 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

17
flake.lock generated
View file

@ -16,6 +16,22 @@
"type": "github" "type": "github"
} }
}, },
"blocklist": {
"flake": false,
"locked": {
"lastModified": 1772371087,
"narHash": "sha256-4exSkO2QcRy+yhQf2tV6jgO3noNNPvSeIad1YLxpazI=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "484d3c71b9433e08fa887297e25a3b53c0c6fd57",
"type": "github"
},
"original": {
"owner": "StevenBlack",
"repo": "hosts",
"type": "github"
}
},
"comin": { "comin": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -293,6 +309,7 @@
"root": { "root": {
"inputs": { "inputs": {
"betterfox": "betterfox", "betterfox": "betterfox",
"blocklist": "blocklist",
"comin": "comin", "comin": "comin",
"disko": "disko", "disko": "disko",
"dns": "dns", "dns": "dns",

5
flake.nix
View file

@ -75,6 +75,11 @@
url = "github:iBigQ/radicale-birthday-calendar"; url = "github:iBigQ/radicale-birthday-calendar";
flake = false; flake = false;
}; };
blocklist = {
url = "github:StevenBlack/hosts";
flake = false;
};
}; };
outputs = outputs =

18
modules/nixos/services/nameservers/recursive.nix
View file

@ -1,5 +1,7 @@
{ {
config, config,
inputs,
pkgs,
lib, lib,
allHosts, allHosts,
... ...
@ -8,6 +10,16 @@ let
cfg = config.custom.services.recursive-nameserver; cfg = config.custom.services.recursive-nameserver;
netCfg = config.custom.networking; netCfg = config.custom.networking;
blocklist =
pkgs.runCommand "blocklist.conf" { } ''
echo "server:" > $out
cat ${inputs.blocklist}/hosts \
| grep '^0.0.0.0 ' \
| awk '$2 != "0.0.0.0" {print " local-zone: \"" $2 "\" refuse"}' \
>> $out
''
|> toString;
privateNameservers = privateNameservers =
allHosts allHosts
|> lib.attrValues |> lib.attrValues
@ -20,6 +32,7 @@ in
type = lib.types.port; type = lib.types.port;
default = 53; default = 53;
}; };
blockAds = lib.mkEnableOption "";
}; };
config = lib.mkIf cfg.enable ( config = lib.mkIf cfg.enable (
@ -28,11 +41,14 @@ in
services = { services = {
unbound = { unbound = {
enable = true; enable = true;
settings.server = { settings = {
server = {
interface = [ "${netCfg.overlay.address}@${toString cfg.port}" ]; interface = [ "${netCfg.overlay.address}@${toString cfg.port}" ];
access-control = [ "${toString netCfg.overlay.networkCidr} allow" ]; access-control = [ "${toString netCfg.overlay.networkCidr} allow" ];
prefetch = true; prefetch = true;
}; };
include-toplevel = lib.mkIf cfg.blockAds blocklist;
};
}; };
nebula.networks.mesh.firewall.inbound = lib.singleton { nebula.networks.mesh.firewall.inbound = lib.singleton {