From 80e0c1a03f2c080c839397e6610d92c00b795e32 Mon Sep 17 00:00:00 2001
From: Filippo Berto
Date: Fri, 12 Aug 2022 16:57:21 +0200
Subject: [PATCH] DNS masq anti-ad
---
 flake.nix | 2 +-
 nixos_modules/dnsmasq.nix | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 nixos_modules/dnsmasq.nix
diff --git a/flake.nix b/flake.nix
index 8bc054b..42f1c69 100644
--- a/flake.nix
+++ b/flake.nix
@@ -156,7 +156,7 @@ odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ]; loki = loki-stable;
- loki-stable = lokiStable [ ];
+ loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ];
 loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ]; loki-unstable = lokiUnstable [ ];
diff --git a/nixos_modules/dnsmasq.nix b/nixos_modules/dnsmasq.nix
new file mode 100644
index 0000000..17cb548
--- /dev/null
+++ b/nixos_modules/dnsmasq.nix
@@ -0,0 +1,27 @@
+{ lib, ... }:
+let
+ blocklist = builtins.fetchurl {
+ sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
+ url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
+ };
+in
+{
+ networking.firewall.allowedTCPPorts = [ 53 ];
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
+ services.dnsmasq = {
+ enable = true;
+ servers = [
+ "1.1.1.1"
+ "8.8.8.8"
+ "8.8.4.4"
+ ];
+ extraConfig = ''
+ cache-size=10000
+ log-queries
+ local-ttl=300
+
+ conf-file=${blocklist}
+ '';
+ };
+}
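Review bot: The two `networking.firewall.allowed*Ports = [ 53 ];` lines in nixos_modules/dnsmasq.nix open DNS on every interface, and nothing in `extraConfig` limits which clients dnsmasq answers, so on any network where this host is directly reachable it acts as an open recursive resolver that outsiders can abuse for amplification and cache probing. Scope the rule to the LAN side, e.g. `networking.firewall.interfaces."<lan-iface>".allowedUDPPorts = [ 53 ];` (same for TCP; the interface name is a placeholder), and add `local-service` to `extraConfig` so only directly attached subnets are served. `log-queries` records every client lookup in the system log, which deserves a comment stating that this is intended, or removal once debugging is done. Separately, `conf-file=${blocklist}` makes dnsmasq parse the fetched file as configuration; the sha256 pin guards its content, but the URL points at `raw/master`, so the build will start failing when upstream changes unless the URL is pinned to a commit that matches the hash.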