diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
index 544b1e138989..ff36fdb328a2 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@@ -214,6 +214,13 @@
services.headscale
+
+
+ blocky,
+ fast and lightweight DNS proxy as ad-blocker for local network
+ with many features.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md
index c748d2dae9e2..32b222559c22 100644
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -65,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin
- [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)
+- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
+
## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 70964ad80f73..f640095308f9 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -716,6 +716,7 @@
./services/networking/bird.nix
./services/networking/bitlbee.nix
./services/networking/blockbook-frontend.nix
+ ./services/networking/blocky.nix
./services/networking/charybdis.nix
./services/networking/cjdns.nix
./services/networking/cntlm.nix
diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix
new file mode 100644
index 000000000000..7488e05fc033
--- /dev/null
+++ b/nixos/modules/services/networking/blocky.nix
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.blocky;
+
+ format = pkgs.formats.yaml { };
+ configFile = format.generate "config.yaml" cfg.settings;
+in
+{
+ options.services.blocky = {
+ enable = mkEnableOption "Fast and lightweight DNS proxy as ad-blocker for local network with many features";
+
+ settings = mkOption {
+ type = format.type;
+ default = { };
+ description = ''
+ Blocky configuration. Refer to
+
+ for details on supported values.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.blocky = {
+ description = "A DNS proxy and ad-blocker for the local network";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = "${pkgs.blocky}/bin/blocky --config ${configFile}";
+
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+ };
+ };
+ };
+}
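Review bot: The description of the `settings` option does not warn that the rendered YAML ends up in the world-readable Nix store, since `configFile` comes from `format.generate` and is passed straight to `ExecStart`. Any credential placed in `settings` would be readable by every local user. Upstream blocky appears to accept credentials in some settings (for example for Redis or a database-backed query log), which should be confirmed against its documentation. I would add a sentence to the description such as `Values set here are written to the world-readable Nix store; do not put passwords or other secrets in this option.` Separately, `serviceConfig` sets no restart policy, so a crash leaves clients without a resolver until someone intervenes; `Restart = "on-failure";` would cover that.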
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 3fd4945ed352..10a6de93be20 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -51,6 +51,7 @@ in
bitcoind = handleTest ./bitcoind.nix {};
bittorrent = handleTest ./bittorrent.nix {};
blockbook-frontend = handleTest ./blockbook-frontend.nix {};
+ blocky = handleTest ./blocky.nix {};
boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
boot-stage1 = handleTest ./boot-stage1.nix {};
borgbackup = handleTest ./borgbackup.nix {};
diff --git a/nixos/tests/blocky.nix b/nixos/tests/blocky.nix
new file mode 100644
index 000000000000..18e7f45e1c73
--- /dev/null
+++ b/nixos/tests/blocky.nix
@@ -0,0 +1,34 @@
+import ./make-test-python.nix {
+ name = "blocky";
+
+ nodes = {
+ server = { pkgs, ... }: {
+ environment.systemPackages = [ pkgs.dnsutils ];
+ services.blocky = {
+ enable = true;
+
+ settings = {
+ customDNS = {
+ mapping = {
+ "printer.lan" = "192.168.178.3,2001:0db8:85a3:08d3:1319:8a2e:0370:7344";
+ };
+ };
+ upstream = {
+ default = [ "8.8.8.8" "1.1.1.1" ];
+ };
+ port = 53;
+ httpPort = 5000;
+ logLevel = "info";
+ };
+ };
+ };
+ };
+
+ testScript = ''
+ with subtest("Service test"):
+ server.wait_for_unit("blocky.service")
+ server.wait_for_open_port(53)
+ server.wait_for_open_port(5000)
+ server.succeed("dig @127.0.0.1 +short -x 192.168.178.3 | grep -qF printer.lan")
+ '';
+}
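Review bot: The only DNS assertion in `testScript` is a reverse lookup of the IPv4 address, so the forward `customDNS` mapping and the IPv6 entry for `printer.lan` are never queried. Adding `server.succeed("dig @127.0.0.1 +short printer.lan | grep -qF 192.168.178.3")` and a matching `AAAA` query would catch a regression in how `settings` is rendered to YAML. It may also be worth asserting that the unit runs without root, since the module relies on `DynamicUser` plus `CAP_NET_BIND_SERVICE` to bind port 53.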
diff --git a/pkgs/applications/networking/blocky/default.nix b/pkgs/applications/networking/blocky/default.nix
index 8bc0963338fb..842cbe30309d 100644
--- a/pkgs/applications/networking/blocky/default.nix
+++ b/pkgs/applications/networking/blocky/default.nix
@@ -1,6 +1,7 @@
{ buildGoModule
, fetchFromGitHub
, lib
+, nixosTests
}:
buildGoModule rec {
@@ -27,4 +28,6 @@ buildGoModule rec {
license = licenses.asl20;
maintainers = with maintainers; [ ratsclub ];
};
+
+ passthru.tests = { inherit (nixosTests) blocky; };
}