From 6532d3417ea247f5088649027a9719a34ad64406 Mon Sep 17 00:00:00 2001 From: Victor Freire Date: Thu, 10 Feb 2022 19:44:18 -0300 Subject: [PATCH] nixos/blocky: init --- .../from_md/release-notes/rl-2205.section.xml | 7 ++++ .../manual/release-notes/rl-2205.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/networking/blocky.nix | 40 +++++++++++++++++++ nixos/tests/all-tests.nix | 1 + nixos/tests/blocky.nix | 34 ++++++++++++++++ .../networking/blocky/default.nix | 3 ++ 7 files changed, 88 insertions(+) create mode 100644 nixos/modules/services/networking/blocky.nix create mode 100644 nixos/tests/blocky.nix diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 544b1e138989..ff36fdb328a2 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -214,6 +214,13 @@ services.headscale + + + blocky, + fast and lightweight DNS proxy as ad-blocker for local network + with many features. + +
diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index c748d2dae9e2..32b222559c22 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -65,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable) +- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features. + ## Backward Incompatibilities {#sec-release-22.05-incompatibilities} diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 70964ad80f73..f640095308f9 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -716,6 +716,7 @@ ./services/networking/bird.nix ./services/networking/bitlbee.nix ./services/networking/blockbook-frontend.nix + ./services/networking/blocky.nix ./services/networking/charybdis.nix ./services/networking/cjdns.nix ./services/networking/cntlm.nix diff --git a/nixos/modules/services/networking/blocky.nix b/nixos/modules/services/networking/blocky.nix new file mode 100644 index 000000000000..7488e05fc033 --- /dev/null +++ b/nixos/modules/services/networking/blocky.nix 
@@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.blocky;
+
+ format = pkgs.formats.yaml { };
+ configFile = format.generate "config.yaml" cfg.settings;
+in
+{
+ options.services.blocky = {
+ enable = mkEnableOption "Fast and lightweight DNS proxy as ad-blocker for local network with many features";
+
+ settings = mkOption {
+ type = format.type;
+ default = { };
+ description = ''
+ Blocky configuration. Refer to
+
+ for details on supported values.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.blocky = {
+ description = "A DNS proxy and ad-blocker for the local network";
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ ExecStart = "${pkgs.blocky}/bin/blocky --config ${configFile}";
+
+ AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+ };
+ };
+ };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 3fd4945ed352..10a6de93be20 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -51,6 +51,7 @@ in
 bitcoind = handleTest ./bitcoind.nix {};
 bittorrent = handleTest ./bittorrent.nix {};
 blockbook-frontend = handleTest ./blockbook-frontend.nix {};
+ blocky = handleTest ./blocky.nix {};
 boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
 boot-stage1 = handleTest ./boot-stage1.nix {};
 borgbackup = handleTest ./borgbackup.nix {};
diff --git a/nixos/tests/blocky.nix b/nixos/tests/blocky.nix
new file mode 100644
index 000000000000..18e7f45e1c73
--- /dev/null
+++ b/nixos/tests/blocky.nix
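Review bot: `configFile` is built with `format.generate` from `cfg.settings`, so the whole blocky configuration becomes a file in the Nix store, which every local user can read and which travels with the system closure. The `settings` option description does not say so, and if any blocky setting carries a credential (a database or cache password, for instance; not visible in this hunk) it would be exposed that way. I would extend the description with `Note that this file is written to the world-readable Nix store, so it must not contain secrets.` As a smaller point, `serviceConfig` sets no `Restart=`, so a crashed resolver stays down until someone restarts it; `Restart = "on-failure";` would cover that.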
@@ -0,0 +1,34 @@ +import ./make-test-python.nix { + name = "blocky"; + + nodes = { + server = { pkgs, ... }: { + environment.systemPackages = [ pkgs.dnsutils ]; + services.blocky = { + enable = true; + + settings = { + customDNS = { + mapping = { + "printer.lan" = "192.168.178.3,2001:0db8:85a3:08d3:1319:8a2e:0370:7344"; + }; + }; + upstream = { + default = [ "8.8.8.8" "1.1.1.1" ]; + }; + port = 53; + httpPort = 5000; + logLevel = "info"; + }; + }; + }; + }; + + testScript = '' + with subtest("Service test"): + server.wait_for_unit("blocky.service") + server.wait_for_open_port(53) + server.wait_for_open_port(5000) + server.succeed("dig @127.0.0.1 +short -x 192.168.178.3 | grep -qF printer.lan") + ''; +} diff --git a/pkgs/applications/networking/blocky/default.nix b/pkgs/applications/networking/blocky/default.nix index 8bc0963338fb..842cbe30309d 100644 --- a/pkgs/applications/networking/blocky/default.nix +++ b/pkgs/applications/networking/blocky/default.nix @@ -1,6 +1,7 @@ { buildGoModule , fetchFromGitHub , lib +, nixosTests }: buildGoModule rec { @@ -27,4 +28,6 @@ buildGoModule rec { license = licenses.asl20; maintainers = with maintainers; [ ratsclub ]; }; + + passthru.tests = { inherit (nixosTests) blocky; }; }
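Review bot: The only assertion in `testScript` of `nixos/tests/blocky.nix` is a reverse lookup of `192.168.178.3`, so the test never checks a forward answer for `printer.lan` and never exercises blocking, which is the feature the module exists for. A forward check is one more line next to the existing one: `server.succeed("dig @127.0.0.1 +short printer.lan | grep -qF 192.168.178.3")`. A blocked-name check would need a blocking section in `settings` backed by a local list, since the test VM presumably cannot reach the `8.8.8.8` and `1.1.1.1` upstreams; I have not verified the exact keys blocky expects for that.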