feat: initial

2026-03-09 22:06:13 +01:00 · 2026-03-09 22:06:13 +01:00 · bba9ceff39
commit bba9ceff39
18 changed files with 750 additions and 0 deletions
--- a/services/blocky.nix
+++ b/services/blocky.nix
@ -0,0 +1,61 @@
+{ config, pkgs, ... }:
+
+let 
+  net = import ../data/network.nix;
+in
+{
+  # Enable Blocky
+  services.blocky = {
+    enable = true;
+    settings = {
+      # Listen on port 53 (standard DNS port)
+      ports.dns = 53;
+      
+      # Custom DNS entries for your local services
+      customDNS = {
+        # This maps your domains to your Pi's IP
+        mapping = net.dnsMappings;
+        # mapping = dnsMappings;
+      };
+
+      conditional = {
+        fallbackUpstream = false;
+        mapping = builtins.mapAttrs (name: value: net.ips.router) net.dnsMappings;
+      };
+      
+      # Upstream DNS servers (with fallback)
+      upstreams = {
+        groups = {
+          default = 
+            ["https://cloudflare-dns.com/dns-query"] ++ net.fallback_dns_servers;
+        };
+      };
+      
+      # Bootstrap DNS (for initially resolving DoH servers)
+      bootstrapDns = {
+        upstream = "https://1.1.1.1/dns-query";
+        ips = ["1.1.1.1" "1.0.0.1"];
+      };
+      
+      # Enable caching for better performance
+      caching = {
+        minTime = "5m";
+        maxTime = "30m";
+        prefetching = true;
+      };
+      
+      # blocking = {
+      #   denylists = {
+      #     ads = ["https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"];
+      #   };
+      #   clientGroupsBlock = {
+      #     default = ["ads"];
+      #   };
+      # };
+    };
+  };
+  
+  # Allow DNS through the firewall
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+}