Set up ad-block at the DNS level

modules/periodic.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+let
+  stateDir = "/var/lib/dnsmasq";
+  blocklist = "${stateDir}/dnsmasq.blacklist.txt";
+
+in {
+  # Fetch hosts-blocklists daily
+  systemd.services.download-dns-blocklist = {
+    description = "Download hosts-blocklists";
+    wantedBy = [ "default.target" ];
+    path = with pkgs; [ curl ];
+    script =
+      "curl -L https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -o ${blocklist}";
+    serviceConfig = { Type = "oneshot"; };
+    postStop = ''
+      chown -R dnsmasq ${stateDir}
+      systemctl restart dnsmasq
+    '';
+  };
+
+  systemd.timers.download-dns-blocklist = {
+    description = "Daily download of hosts-blocklists";
+    wantedBy = [ "default.target" ];
+    timerConfig = {
+      OnCalendar = "02:00:00";
+      Unit = "download-dns-blocklist.service";
+    };
+  };
+}