DNS masq anti-ad

2022-08-12 16:57:21 +02:00 · 2022-08-12 16:57:21 +02:00 · 80e0c1a03f
commit 80e0c1a03f
parent c4e5ccf6bf
2 changed files with 28 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -156,7 +156,7 @@
        odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ];

        loki = loki-stable;
-        loki-stable = lokiStable [ ];
+        loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ];
        loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ];
        loki-unstable = lokiUnstable [ ];

--- a/nixos_modules/dnsmasq.nix
+++ b/nixos_modules/dnsmasq.nix
@ -0,0 +1,27 @@
+{ lib, ... }:
+let
+  blocklist = builtins.fetchurl {
+    sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
+    url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
+  };
+in
+{
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
+  services.dnsmasq = {
+    enable = true;
+    servers = [
+      "1.1.1.1"
+      "8.8.8.8"
+      "8.8.4.4"
+    ];
+    extraConfig = ''
+      cache-size=10000
+      log-queries
+      local-ttl=300
+      
+      conf-file=${blocklist}
+    '';
+  };
+}