mirror of
https://github.com/StevenBlack/hosts.git
synced 2026-07-01 10:46:51 +00:00
Merge pull request #3077 from 30350n/unbound-confs-rework
Rework "Generate unbound configuration files from blocklist files (#2833)"
This commit is contained in:
@@ -52,6 +52,11 @@
|
||||
python3Packages.requests
|
||||
];
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
packages = forAllSystems (system: {
|
||||
unbound = nixpkgsFor.${system}.callPackage ./unbound.nix { };
|
||||
});
|
||||
};
|
||||
}
|
||||
|
||||
@@ -386,8 +386,10 @@ To install hosts file on your machine add the following into your
|
||||
|
||||
### Nix Flake
|
||||
|
||||
NixOS installations which are managed through _flakes_ can use the hosts file
|
||||
like this:
|
||||
NixOS installations which are managed through _flakes_ can directly use the `flake.nix` in this repository as an input.
|
||||
|
||||
It contains a `nixosModule` that can be used to install the `hosts` file locally, as well as a package containing config files for the [Unbound](https://github.com/NLnetLabs/unbound) DNS server to be used as blocklists.
|
||||
|
||||
|
||||
```nix
|
||||
{
|
||||
@@ -403,7 +405,9 @@ like this:
|
||||
nixosConfigurations.my-hostname = {
|
||||
system = "<architecture>";
|
||||
modules = [
|
||||
hosts.nixosModule {
|
||||
# nixosModule to install hosts file locally:
|
||||
hosts.nixosModule
|
||||
{
|
||||
networking.stevenBlackHosts = {
|
||||
enable = true;
|
||||
# optionally:
|
||||
@@ -414,6 +418,19 @@ like this:
|
||||
# blockSocial = true;
|
||||
};
|
||||
}
|
||||
|
||||
# configure unbound to use config as blocklist:
|
||||
{
|
||||
{
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
settings.server.include = [
|
||||
"${hosts.packages.${system}.unbound}/hosts"
|
||||
# alternates are also available, e.g. /fakenews, /fakenews-gambling etc.
|
||||
];
|
||||
};
|
||||
}
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
23
unbound.nix
Normal file
23
unbound.nix
Normal file
@@ -0,0 +1,23 @@
|
||||
{
|
||||
lib,
|
||||
runCommandLocal,
|
||||
}:
|
||||
let
|
||||
toUnboundConf = ''awk 'NF == 2 && $1 == "0.0.0.0" && $2 != "0.0.0.0" { printf "local-zone: \"%s\" always_nxdomain\n", $2 }'\'';
|
||||
in
|
||||
runCommandLocal "stevenblack-hosts-unbound"
|
||||
{
|
||||
src = lib.sourceByRegex ./. [
|
||||
"^hosts$"
|
||||
"^alternates$"
|
||||
"^alternates/[^/]+$"
|
||||
"^alternates/[^/]+/hosts$"
|
||||
];
|
||||
}
|
||||
''
|
||||
mkdir $out
|
||||
${toUnboundConf} < $src/hosts > $out/hosts
|
||||
for file in $src/alternates/*/hosts; do
|
||||
${toUnboundConf} < $file > $out/$(basename $(dirname $file))
|
||||
done
|
||||
''
|
||||
Reference in New Issue
Block a user