27 lines
582 B
Nix
27 lines
582 B
Nix
{ lib, ... }:
|
|
let
|
|
blocklist = builtins.fetchurl {
|
|
sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
|
|
url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
|
|
};
|
|
in
|
|
{
|
|
networking.firewall.allowedTCPPorts = [ 53 ];
|
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
|
|
|
services.dnsmasq = {
|
|
enable = true;
|
|
servers = [
|
|
"1.1.1.1"
|
|
"8.8.8.8"
|
|
"8.8.4.4"
|
|
];
|
|
extraConfig = ''
|
|
cache-size=10000
|
|
log-queries
|
|
local-ttl=300
|
|
|
|
conf-file=${blocklist}
|
|
'';
|
|
};
|
|
}
|