haru: switch to adguard

notohh 2024-01-07 17:50:34 -05:00
parent 0e68e5ac9c
commit 5b880684d9
Signed by: notohh
GPG key ID: BD47506D475EE86D
5 changed files with 272 additions and 139 deletions


@ -0,0 +1,27 @@
_: {
imports = [
./filters.nix
./rewrites.nix
];
networking.firewall.allowedTCPPorts = [53 443 80 3000];
networking.firewall.allowedUDPPorts = [53];
services.adguardhome = {
enable = true;
openFirewall = true;
mutableSettings = true;
settings = {
bind_port = 3000;
bind_host = "0.0.0.0";
statistics = {
enabled = true;
ignored = [
"youporn.com"
"pornhub.com"
"xvideos.com"
"onlyfans.com"
"fansly.com"
];
};
};
};
}
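Review bot: The admin UI is exposed on every interface: `bind_host = "0.0.0.0"` together with port 3000 in `networking.firewall.allowedTCPPorts` and `openFirewall = true` makes the AdGuard Home web interface reachable from any network this host is attached to. No `users` entry is visible under `settings`, and as far as I know AdGuard Home does not ask for a login when none is configured, so confirm an account exists in the mutable state or declare one here. Consider binding to the LAN address (`bind_host = "<LAN_ADDRESS>";`) or scoping the rule with `networking.firewall.interfaces."<LAN_IFACE>".allowedTCPPorts = [3000];`. Ports 80 and 443 are also opened although nothing in this file listens on them; a short comment naming the service that needs them would help.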


@ -0,0 +1,170 @@
_: {
services.adguardhome.settings = {
filters = [
{
name = "blocklistproject";
enabled = true;
url = "https://blocklistproject.github.io/Lists/ads.txt";
id = 1;
}
{
name = "StevenBlack";
enabled = true;
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
id = 2;
}
{
name = "adaway";
enabled = true;
url = "https://adaway.org/hosts.txt";
id = 3;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/AdguardDNS.txt";
id = 4;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/Admiral.txt";
id = 5;
}
{
name = "anudeepND";
enabled = true;
url = "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt";
id = 6;
}
{
name = "simple_ad";
enabled = true;
url = "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt";
id = 7;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/Easylist.txt";
id = 8;
}
{
name = "pgl.yoyo.org";
enabled = true;
url = "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext";
id = 9;
}
{
name = "UncheckyAds";
enabled = true;
url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts";
id = 10;
}
{
name = "bigdargon";
enabled = true;
url = "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts";
id = 11;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/Easyprivacy.txt";
id = 12;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/Prigent-Ads.txt";
id = 13;
}
{
name = "FadeMind";
enabled = true;
url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts";
id = 14;
}
{
name = "crazy-max";
enabled = true;
url = "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt";
id = 15;
}
{
name = "hostfiles.frogeye.fr";
enabled = true;
url = "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt";
id = 16;
}
{
name = "DandelionSprout";
enabled = true;
url = "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt";
id = 17;
}
{
name = "osint.digitalside.it";
enabled = true;
url = "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt";
id = 18;
}
{
name = "simple_malvertising";
enabled = true;
url = "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt";
id = 19;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/Prigent-Crypto.txt";
id = 20;
}
{
name = "FadeMind";
enabled = true;
url = "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts";
id = 21;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/RPiList-Phishing.txt";
id = 22;
}
{
name = "v.fire.blog";
enabled = true;
url = "https://v.firebog.net/hosts/RPiList-Malware.txt";
id = 23;
}
{
name = "zerodot1.gitlab.io";
enabled = true;
url = "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser";
id = 24;
}
{
name = "StevenBlack";
enabled = true;
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts";
id = 25;
}
];
whitelist_filters = [
{
name = "whitelist";
enabled = true;
url = "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt";
id = 1;
}
{
name = "whitelist - optionals";
enabled = true;
url = "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt";
id = 1;
}
];
};
}
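Review bot: Both `whitelist_filters` entries carry `id = 1`, which also collides with the first entry in `filters`. AdGuard Home keys its downloaded list data by filter id, so (to be confirmed against the running version) one allowlist may overwrite or shadow the other; give each entry a distinct id, e.g. `id = 26;` and `id = 27;`. Separately, these allowlists are pulled from a third-party repository's `master` branch and take precedence over the malware and phishing blocklists above, so a comment recording why that source is trusted would be worth adding. The entries named `"v.fire.blog"` point at `v.firebog.net`, which looks like a typo in the label.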


@ -0,0 +1,74 @@
_: {
services.adguardhome.settings = {
dns.rewrites = [
{
domain = "adguardhome.internal.flake.sh";
answer = "192.168.1.103";
}
{
domain = "dashboard.internal.flake.sh";
answer = "192.168.1.98";
}
{
domain = "truenas.internal.flake.sh";
answer = "192.168.1.199";
}
{
domain = "assistant.internal.flake.sh";
answer = "192.168.1.189";
}
{
domain = "udm.internal.flake.s";
answer = "192.168.1.1";
}
{
domain = "pve.internal.flake.sh";
answer = "192.168.1.37";
}
{
domain = "pbs.internal.flake.sh";
answer = "192.168.1.38";
}
{
domain = "jellyfin.internal.flake.sh";
answer = "192.168.1.98";
}
{
domain = "jellyseerr.internal.flake.sh";
answer = "192.168.1.98";
}
{
domain = "sonarr.internal.flake.sh";
answer = "192.168.1.54";
}
{
domain = "radarr.internal.flake.sh";
answer = "192.168.1.54";
}
{
domain = "whisparr.internal.flake.sh";
answer = "192.168.1.54";
}
{
domain = "prowlarr.internal.flake.sh";
answer = "192.168.1.54";
}
{
domain = "stash.internal.flake.sh";
answer = "192.168.1.98";
}
{
domain = "nextcloud.internal.flake.sh";
answer = "192.168.1.199";
}
{
domain = "wallos.internal.flake.sh";
answer = "192.168.1.98";
}
{
domain = "synology.internal.flake.sh";
answer = "192.168.1.71";
}
];
};
}
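Review bot: The UDM rewrite reads `domain = "udm.internal.flake.s";`, missing the final `h`; the blocky mapping removed in this commit used `udm.internal.flake.sh`. With the typo the real name gets no local answer and the query is presumably forwarded to the upstream resolver, which both breaks resolution and discloses an internal hostname upstream. Change it to `domain = "udm.internal.flake.sh";`. The old mapping also had `readarr.internal.flake.sh`, which has no rewrite here; if that was intentional a one-line comment would make it clear.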


@ -1,138 +0,0 @@
{pkgs, ...}: {
networking.firewall.allowedTCPPorts = [53 4000];
networking.firewall.allowedUDPPorts = [53];
environment.systemPackages = [pkgs.blocky];
services.blocky = {
enable = true;
settings = {
connectIPVersion = "v4";
upstreamTimeout = "30s";
startVerifyUpstream = false;
minTlsServeVersion = "1.2";
log = {
level = "debug";
privacy = true;
};
ports = {
dns = 53;
http = 4000;
https = 443;
};
upstream.default = [
"1.1.1.1"
"1.0.0.1"
"9.9.9.9"
"https://1.1.1.1/dns-query"
"https://dns.quad9.net/dns-query"
"https://dns-unfiltered.adguard.com/dns-query"
];
blocking = {
loading = {
strategy = "fast";
concurrency = 8;
};
blackLists = {
ads = [
"https://blocklistproject.github.io/Lists/ads.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
];
tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt"
];
misc = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts"
];
};
whiteLists = {
default = [
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt"
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt"
];
};
clientGroupsBlock = {
default = [
"ads"
"tracking"
"malicious"
"misc"
];
};
};
customDNS = {
customTTL = "1h";
mapping = {
# infra
"truenas.internal.flake.sh" = "192.168.1.199";
"assistant.internal.flake.sh" = "192.168.1.189";
"dashboard.internal.flake.sh" = "192.168.1.98";
"udm.internal.flake.sh" = "192.168.1.1";
"pve.internal.flake.sh" = "192.168.1.37";
"pbs.internal.flake.sh" = "192.168.1.38";
# media
"jellyfin.internal.flake.sh" = "192.168.1.98";
"jellyseerr.internal.flake.sh" = "192.168.1.98";
"sonarr.internal.flake.sh" = "192.168.1.54";
"radarr.internal.flake.sh" = "192.168.1.54";
"readarr.internal.flake.sh" = "192.168.1.54";
"whisparr.internal.flake.sh" = "192.168.1.54";
"prowlarr.internal.flake.sh" = "192.168.1.54";
"stash.internal.flake.sh" = "192.168.1.98";
"nextcloud.internal.flake.sh" = "192.168.1.199";
# misc
"wallos.internal.flake.sh" = "192.168.1.98";
"synology.internal.flake.sh" = "192.168.1.71";
};
};
redis = {
address = "100.94.214.100:6381";
password = "blocky";
database = 2;
required = false;
connectionAttempts = 10;
connectionCooldown = "5s";
};
caching = {
minTime = "2h";
maxTime = "12h";
maxItemsCount = 0;
prefetching = true;
prefetchExpires = "2h";
prefetchThreshold = 5;
};
prometheus = {
enable = true;
path = "/metrics";
};
};
};
}


@ -1,5 +1,5 @@
_: {
imports = [
./blocky.nix
./adguardhome/adguardhome.nix
];
}