Compare commits
2 Commits
82b292946a
...
4af46920cc
| Author | SHA1 | Date | |
|---|---|---|---|
4af46920cc
|
|||
|
f431600532
|
@ -12,5 +12,6 @@
|
|||||||
- Web services and reverse proxy: webstack.nix
|
- Web services and reverse proxy: webstack.nix
|
||||||
- Development tools: devops.nix
|
- Development tools: devops.nix
|
||||||
- Smartd: monitoring.nix
|
- Smartd: monitoring.nix
|
||||||
|
- Systemd services and timers: periodic.nix
|
||||||
|
|
||||||
All the modules are imported in *configuration.nix*
|
All the modules are imported in *configuration.nix*
|
||||||
|
|||||||
@ -107,6 +107,7 @@
|
|||||||
./modules/webstack.nix
|
./modules/webstack.nix
|
||||||
./modules/devops.nix
|
./modules/devops.nix
|
||||||
./modules/monitoring.nix
|
./modules/monitoring.nix
|
||||||
|
./modules/periodic.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -33,11 +33,13 @@ in {
|
|||||||
allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
631 # Cups
|
631 # Cups
|
||||||
6566 # SANE
|
6566 # SANE
|
||||||
80
|
80 # HTTP
|
||||||
443
|
443 # HTTPS
|
||||||
|
53 # DNS
|
||||||
];
|
];
|
||||||
allowedUDPPorts = [
|
allowedUDPPorts = [
|
||||||
1194 # Wireguard
|
1194 # Wireguard
|
||||||
|
53 # DNS
|
||||||
];
|
];
|
||||||
autoLoadConntrackHelpers = true;
|
autoLoadConntrackHelpers = true;
|
||||||
connectionTrackingModules = [ "sane" ];
|
connectionTrackingModules = [ "sane" ];
|
||||||
@ -77,5 +79,26 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# DNS server with ad-block
|
||||||
|
services.dnsmasq = {
|
||||||
|
enable = true;
|
||||||
|
servers = [ "176.9.37.132" "116.203.147.31" ];
|
||||||
|
extraConfig = ''
|
||||||
|
domain-needed
|
||||||
|
bogus-priv
|
||||||
|
no-resolv
|
||||||
|
|
||||||
|
listen-address=127.0.0.1,192.168.1.2,10.8.0.1
|
||||||
|
bind-interfaces
|
||||||
|
|
||||||
|
cache-size=10000
|
||||||
|
local-ttl=300
|
||||||
|
|
||||||
|
conf-file=/var/lib/dnsmasq/dnsmasq.blacklist.txt
|
||||||
|
|
||||||
|
address=/coolneng.duckdns.org/192.168.1.2
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
30
modules/periodic.nix
Normal file
30
modules/periodic.nix
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
stateDir = "/var/lib/dnsmasq";
|
||||||
|
blocklist = "${stateDir}/dnsmasq.blacklist.txt";
|
||||||
|
|
||||||
|
in {
|
||||||
|
# Fetch hosts-blocklists daily
|
||||||
|
systemd.services.download-dns-blocklist = {
|
||||||
|
description = "Download hosts-blocklists";
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
path = with pkgs; [ curl ];
|
||||||
|
script =
|
||||||
|
"curl -L https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -o ${blocklist}";
|
||||||
|
serviceConfig = { Type = "oneshot"; };
|
||||||
|
postStop = ''
|
||||||
|
chown -R dnsmasq ${stateDir}
|
||||||
|
systemctl restart dnsmasq
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers.download-dns-blocklist = {
|
||||||
|
description = "Daily download of hosts-blocklists";
|
||||||
|
wantedBy = [ "default.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "02:00:00";
|
||||||
|
Unit = "download-dns-blocklist.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue
Block a user