authorTim Keller <tjk@tjkeller.xyz>2026-06-14 13:37:23 -0500
committerTim Keller <tjk@tjkeller.xyz>2026-06-14 13:37:23 -0500
commit38980a9f11f451f9dd0583ffc54408c415702b69 (patch)
tree42989abdaf1dcdcd04c217083690ed58894c1060
parent02e6a142e92f5d695b2baf242cc676f1e07bca22 (diff)
unbound blocklists fixed
-rw-r--r--nixos/services/router/blocklists.nix35
-rw-r--r--nixos/services/router/unbound-blocklist.nix18
2 files changed, 16 insertions, 37 deletions
diff --git a/nixos/services/router/blocklists.nix b/nixos/services/router/blocklists.nix
deleted file mode 100644
index 753dd68..0000000
--- a/nixos/services/router/blocklists.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, ... }: let
- cfg = config.services._router.dnsDhcpConfig.blocklists;
- hageziList = list: [
- "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/${list}.txt"
- "https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/${list}.txt"
- "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/${list}.txt"
- ];
- mkHageziLists = lib.listToAttrs (
- map (n: { name = "hagezi_${n}"; value = n; }) cfg.hageziBlocklists
- );
-in {
- options.services._router.dnsDhcpConfig.blocklists = {
- enable = lib.mkEnableOption "enable unbound blocklists";
- hageziBlocklists = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- description = "hagezi blocklists to enable";
- example = [ "pro" "nsfw" ];
- };
- extraBlocklists = lib.mkOption {
- type = lib.types.attrsOf (lib.types.listOf lib.types.str);
- description = "additional rpz blocklists to enable";
- };
- };
- config = lib.mkIf cfg.enable {
- services.unbound = {
- _blocklists = {
- enable = true;
- blocklists = lib.map {
- hageziNSFW = hageziList "nsfw";
- hageziPro = hageziList "pro";
- } // cfg.extraBlocklists;
- };
- };
- };
-}
diff --git a/nixos/services/router/unbound-blocklist.nix b/nixos/services/router/unbound-blocklist.nix
index 153f2c0..27f2a04 100644
--- a/nixos/services/router/unbound-blocklist.nix
+++ b/nixos/services/router/unbound-blocklist.nix
@@ -1,9 +1,23 @@
{ lib, config, pkgs, ... }: let
cfg = config.services.unbound._blocklists;
+ hageziList = list: [
+ "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/rpz/${list}.txt"
+ "https://gitlab.com/hagezi/mirror/-/raw/main/dns-blocklists/rpz/${list}.txt"
+ "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/rpz/${list}.txt"
+ ];
+ hageziBlocklists = lib.listToAttrs (
+ map (n: { name = "hagezi_${n}"; value = n; }) cfg.hageziBlocklists
+ );
+ blocklists = hageziBlocklists // cfg.extraBlocklists;
in {
options.services.unbound._blocklists = {
enable = lib.mkEnableOption "enable rpz blocklist generation in unbound";
- blocklists = lib.mkOption {
+ hageziBlocklists = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ description = "hagezi blocklists to enable";
+ example = [ "pro" "nsfw" ];
+ };
+ extraBlocklists = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
example = {
hageziNSFW = [
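Review bot: In the added `hageziBlocklists` binding the attribute value is the bare list name (`value = n;`), so `hageziList` is defined but never called in the visible lines, and the merged `blocklists` set mixes plain strings with the URL lists that `extraBlocklists` declares as `attrsOf (listOf str)`. `rpzEntry` is not visible here, but it presumably expects the URL list, in which case the line should read `map (n: { name = "hagezi_${n}"; value = hageziList n; }) cfg.hageziBlocklists`. The new `hageziBlocklists` option also has no `default`, so enabling the module without setting it fails at evaluation; `default = [ ];` would avoid that. The `let` block and the options set both continue outside this hunk.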
@@ -59,7 +73,7 @@ in {
# ${extraBlockedDomainsRPZ}
#'';
#extraBlockedDomainsRPZEntries = rpzEntry "extraBlockedDomains" extraBlockedDomainsRPZFile;
- rpz = lib.mapAttrsToList rpzEntry cfg.blocklists;
+ rpz = lib.mapAttrsToList rpzEntry blocklists;
in {
server.module-config = ''"respip validator iterator"''; # Adds respip before validator and iterator. Needed for rpz config
inherit rpz;
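Review bot: The zones handed to `rpz` on this line are built from the `@latest` and `main` refs of third-party hosts listed in `hageziList`, and an RPZ zone can carry rewrite actions as well as blocks, so the resolver's answers depend on whatever those mutable URLs serve at fetch time. `rpzEntry` is defined outside the hunk; if it does not already do so, setting `rpz-action-override = "nxdomain";` on each generated entry would limit a fetched zone to blocking only. A short comment here such as `# sources are unpinned remote lists; entries are forced to nxdomain` would record that trust decision for the next maintainer.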