author | Aaron Andersen <aaron@fosslib.net> | 2022-02-18 11:27:25 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-18 11:27:25 -0500 |
commit | b3c0344c9d7d5dec543844f1ac7c17668e4622bb (patch) | |
tree | ef05c9d4f8b052257aa10b9c409d40815fdaf92e /nixos | |
parent | 95446037866cb8f8a131f8930958135223fa0e96 (diff) | |
parent | 6532d3417ea247f5088649027a9719a34ad64406 (diff) |
Merge pull request #156763 from ratsclub/blocky
nixos/blocky: init
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 7 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/networking/blocky.nix | 40 | ||||
-rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
-rw-r--r-- | nixos/tests/blocky.nix | 34 |
6 files changed, 85 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index c234cda499f83..31093bdbd013c 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -238,6 +238,13 @@
 <link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
 </para>
 </listitem>
+ <listitem>
+ <para>
+ <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
+ fast and lightweight DNS proxy as ad-blocker for local network
+ with many features.
+ </para>
+ </listitem>
 </itemizedlist>
 </section>
 <section xml:id="sec-release-22.05-incompatibilities">
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index 567a6d6780a16..258cd2fe3166f 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -71,6 +71,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 - [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
+- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index b6d9bd00629af..ca82ddfb58638 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -718,6 +718,7 @@
 ./services/networking/bird.nix
 ./services/networking/bitlbee.nix
 ./services/networking/blockbook-frontend.nix
+ ./services/networking/blocky.nix
 ./services/networking/charybdis.nix
 ./services/networking/cjdns.nix
 ./services/networking/cntlm.nix
diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix
new file mode 100644
index 0000000000000..7488e05fc0331
--- /dev/null
+++ b/nixos/modules/services/networking/blocky.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.blocky;
+
+ format = pkgs.formats.yaml { };
+ configFile = format.generate "config.yaml" cfg.settings;
+in
+{
+ options.services.blocky = {
+ enable = mkEnableOption "Fast and lightweight DNS proxy as ad-blocker for local network with many features";
+
+ settings = mkOption {
+ type = format.type;
+ default = { };
+ description = ''
+ Blocky configuration. Refer to
+ <link xlink:href="https://0xerr0r.github.io/blocky/configuration/"/>
+ for details on supported values.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.blocky = {
+ description = "A DNS proxy and ad-blocker for the local network";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = "${pkgs.blocky}/bin/blocky --config ${configFile}";
+
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+ };
+ };
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 520c48bc45b4c..a0beaf98de5ce 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
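Review bot: In nixos/modules/services/networking/blocky.nix, `configFile` is produced by `format.generate` from `cfg.settings`, so everything placed in `settings` is written to the Nix store, which every local user can read, and the option's `description` does not mention this. If the upstream configuration accepts credentials (for example for a query-log database or cache backend; not visible in this diff), they would be stored there in plain text. I would append a sentence to the `description` such as `This configuration is written to the world-readable Nix store; do not put secrets in it.` Separately, `serviceConfig` already restricts capabilities and uses `DynamicUser`, but sets no further sandboxing such as `RestrictAddressFamilies` or `ProtectKernelTunables`, which would suit a network-facing resolver as a follow-up.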
@@ -52,6 +52,7 @@ in
 bitcoind = handleTest ./bitcoind.nix {};
 bittorrent = handleTest ./bittorrent.nix {};
 blockbook-frontend = handleTest ./blockbook-frontend.nix {};
+ blocky = handleTest ./blocky.nix {};
 boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
 boot-stage1 = handleTest ./boot-stage1.nix {};
 borgbackup = handleTest ./borgbackup.nix {};
diff --git a/nixos/tests/blocky.nix b/nixos/tests/blocky.nix
new file mode 100644
index 0000000000000..18e7f45e1c738
--- /dev/null
+++ b/nixos/tests/blocky.nix
@@ -0,0 +1,34 @@
+import ./make-test-python.nix {
+ name = "blocky";
+
+ nodes = {
+ server = { pkgs, ... }: {
+ environment.systemPackages = [ pkgs.dnsutils ];
+ services.blocky = {
+ enable = true;
+
+ settings = {
+ customDNS = {
+ mapping = {
+ "printer.lan" = "192.168.178.3,2001:0db8:85a3:08d3:1319:8a2e:0370:7344";
+ };
+ };
+ upstream = {
+ default = [ "8.8.8.8" "1.1.1.1" ];
+ };
+ port = 53;
+ httpPort = 5000;
+ logLevel = "info";
+ };
+ };
+ };
+ };
+
+ testScript = ''
+ with subtest("Service test"):
+ server.wait_for_unit("blocky.service")
+ server.wait_for_open_port(53)
+ server.wait_for_open_port(5000)
+ server.succeed("dig @127.0.0.1 +short -x 192.168.178.3 | grep -qF printer.lan")
+ '';
+} |
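Review bot: The only assertion in the `testScript` of nixos/tests/blocky.nix is the reverse lookup for 192.168.178.3, so the forward `customDNS` mapping and the IPv6 address configured next to it are never queried, and the blocking path that the service exists for is not exercised at all. A forward check such as `server.succeed("dig @127.0.0.1 +short printer.lan | grep -qF 192.168.178.3")`, plus an `AAAA` equivalent, would cover the mapping as written. A deny-list case would be the more valuable addition, but it needs a list source available inside the test VM, since the public upstreams set in `upstream.default` are presumably unreachable from the test sandbox.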