bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DNS masq anti-ad

Browse source
This commit is contained in:
Filippo Berto 2022-08-12 16:57:21 +02:00
parent c4e5ccf6bf
commit 80e0c1a03f
2 changed files with 28 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -156,7 +156,7 @@
odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ]; odin-nvidia-stable = odinStable [ ./odin/configuration-nvidia.nix ./nixos_modules/pro_audio.nix ./nixos_modules/sesar.nix ];
loki = loki-stable; loki = loki-stable;
loki-stable = lokiStable [ ]; loki-stable = lokiStable [ ./nixos_modules/dnsmasq.nix ];
loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ]; loki-k3s = lokiStable [ ./nixos_modules/k3s.nix ];
loki-unstable = lokiUnstable [ ]; loki-unstable = lokiUnstable [ ];

27
nixos_modules/dnsmasq.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, ... }:
let
blocklist = builtins.fetchurl {
sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
};
in
{
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
services.dnsmasq = {
enable = true;
servers = [
"1.1.1.1"
"8.8.8.8"
"8.8.4.4"
];
extraConfig = ''
cache-size=10000
log-queries
local-ttl=300
conf-file=${blocklist}
'';
};
}