{ ... }: {
	services.blocky = {
		enable = true;
		# REF: https://0xerr0r.github.io/blocky/main/configuration/
		settings = {
			bootstrapDns = "tcp+udp:1.1.1.1";
			ports.dns    = 53;
			# connectIPVersion = "v4";
			# httpPort = "80";
			upstreams.groups = {
				default = [
					"https://dns.quad9.net/dns-query"
				];
			};
			caching = {
				maxItemsCount         = 100000;
				maxTime               = "30m";
				minTime               = "5m";
				prefetchExpires       = "2h";
				prefetchMaxItemsCount = 100000;
				prefetchThreshold     = 5;
				prefetching           = true;
			};
			blocking = {
				blockTTL  = "1m";
				blockType = "zeroIP";
				loading = {
					refreshPeriod = "24h";
					strategy      = "blocking";
					downloads = {
						attempts = 3;
						cooldown = "10s";
						timeout  = "5m";
					};
				};
				# SRC: https://oisd.nl
				# SRC: https://v.firebog.net
				denylists = {
					suspicious = [
						"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
						"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts
						"https://v.firebog.net/hosts/static/w3kbl.txt"
					];
					ads = [
						"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
						"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
						"https://v.firebog.net/hosts/AdguardDNS.txt"
						"https://v.firebog.net/hosts/Admiral.txt"
						"https://v.firebog.net/hosts/Easylist.txt"
					];
					tracking = [
						"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
						"https://v.firebog.net/hosts/Easyprivacy.txt"
						"https://v.firebog.net/hosts/Prigent-Ads.txt"
					];
					malicious = [
						"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
						"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
						"https://phishing.army/download/phishing_army_blocklist_extended.txt"
						"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
						"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
						"https://urlhaus.abuse.ch/downloads/hostfile/"
						"https://v.firebog.net/hosts/Prigent-Crypto.txt"
						"https://v.firebog.net/hosts/Prigent-Malware.txt"
					];
					other = [
						"https://big.oisd.nl/domainswild"
						"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
					];
				};
				# allowlists = {
				#   other = [
				#     "/.*.vk.com/"
				#   ];
				# };
				clientGroupsBlock = {
					default = [
						"ads"
						"malicious"
						"other"
						"suspicious"
						"tracking"
					];
				};
			};
			customDNS.mapping = let
				block = host: { ${host} = "0.0.0.0"; };
			in {
				"voronind.com" = "10.0.0.1,fd09:8d46:b26:0:8079:82ff:fe1a:916a";
			}
			// block "gosuslugi.ru"
			// block "rutube.ru"
			# // block "vk.com"
			;
		};
	};
}