128 lines
3.7 KiB
Nix
128 lines
3.7 KiB
Nix
{
|
|
config,
|
|
container,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}: let
|
|
cfg = config.container.module.dns;
|
|
in {
|
|
options.container.module.dns = {
|
|
enable = lib.mkEnableOption "the DNS server.";
|
|
address = lib.mkOption {
|
|
default = "10.1.0.6";
|
|
type = lib.types.str;
|
|
};
|
|
port = lib.mkOption {
|
|
default = 53;
|
|
type = lib.types.int;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
containers.dns = container.mkContainer cfg {
|
|
config = { ... }: container.mkContainerConfig cfg {
|
|
services.blocky = {
|
|
enable = true;
|
|
# REF: https://0xerr0r.github.io/blocky/main/configuration/
|
|
settings = {
|
|
bootstrapDns = "tcp+udp:1.1.1.1";
|
|
connectIPVersion = "v4";
|
|
ports.dns = cfg.port;
|
|
# httpPort = "80";
|
|
upstreams.groups = {
|
|
default = [
|
|
"https://dns.quad9.net/dns-query"
|
|
];
|
|
};
|
|
caching = {
|
|
maxItemsCount = 100000;
|
|
maxTime = "30m";
|
|
minTime = "5m";
|
|
prefetchExpires = "2h";
|
|
prefetchMaxItemsCount = 100000;
|
|
prefetchThreshold = 5;
|
|
prefetching = true;
|
|
};
|
|
blocking = {
|
|
blockTTL = "1m";
|
|
blockType = "zeroIP";
|
|
loading = {
|
|
refreshPeriod = "24h";
|
|
strategy = "blocking";
|
|
downloads = {
|
|
attempts = 3;
|
|
cooldown = "10s";
|
|
timeout = "5m";
|
|
};
|
|
};
|
|
# SRC: https://oisd.nl
|
|
# SRC: https://v.firebog.net
|
|
denylists = {
|
|
suspicious = [
|
|
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
|
|
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" # https://github.com/StevenBlack/hosts
|
|
"https://v.firebog.net/hosts/static/w3kbl.txt"
|
|
];
|
|
ads = [
|
|
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
|
|
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
|
|
"https://v.firebog.net/hosts/AdguardDNS.txt"
|
|
"https://v.firebog.net/hosts/Admiral.txt"
|
|
"https://v.firebog.net/hosts/Easylist.txt"
|
|
];
|
|
tracking = [
|
|
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
|
|
"https://v.firebog.net/hosts/Easyprivacy.txt"
|
|
"https://v.firebog.net/hosts/Prigent-Ads.txt"
|
|
];
|
|
malicious = [
|
|
"https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
|
|
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
|
|
"https://phishing.army/download/phishing_army_blocklist_extended.txt"
|
|
"https://raw.githubusercontent.com/AssoEchap/stalkerware-indicators/master/generated/hosts"
|
|
"https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
|
|
"https://urlhaus.abuse.ch/downloads/hostfile/"
|
|
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
|
|
"https://v.firebog.net/hosts/Prigent-Malware.txt"
|
|
];
|
|
other = [
|
|
"https://big.oisd.nl/domainswild"
|
|
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
|
|
];
|
|
};
|
|
# allowlists = {
|
|
# other = [
|
|
# "/.*.vk.com/"
|
|
# ];
|
|
# };
|
|
clientGroupsBlock = {
|
|
default = [
|
|
"ads"
|
|
"malicious"
|
|
"other"
|
|
"suspicious"
|
|
"tracking"
|
|
];
|
|
};
|
|
};
|
|
customDNS = {
|
|
mapping = let
|
|
block = host: { ${host} = "0.0.0.0"; };
|
|
in {
|
|
# All subdomains to current host.
|
|
# ${config.container.domain} = config.container.host;
|
|
"voronind.com" = "10.0.0.1,fd09:8d46:b26::1";
|
|
}
|
|
// block "gosuslugi.ru"
|
|
// block "rutube.ru"
|
|
// block "vk.com"
|
|
;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|