nixos/blocky: init

2 years ago · 6532d3417e
parent 8429cc4ffd
commit 6532d3417e
7 changed files with 88 additions and 0 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -214,6 +214,13 @@
          <link xlink:href="options.html#opt-services.headscale.enable">services.headscale</link>
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://0xerr0r.github.io/blocky/">blocky</link>,
+          fast and lightweight DNS proxy as ad-blocker for local network
+          with many features.
+        </para>
+      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="sec-release-22.05-incompatibilities">
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -65,6 +65,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - [headscale](https://github.com/juanfont/headscale), an Open Source implementation of the [Tailscale](https://tailscale.io) Control Server. Available as [services.headscale](options.html#opt-services.headscale.enable)

+- [blocky](https://0xerr0r.github.io/blocky/), fast and lightweight DNS proxy as ad-blocker for local network with many features.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

 ## Backward Incompatibilities {#sec-release-22.05-incompatibilities}
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -716,6 +716,7 @@
  ./services/networking/bird.nix
  ./services/networking/bitlbee.nix
  ./services/networking/blockbook-frontend.nix
+  ./services/networking/blocky.nix
  ./services/networking/charybdis.nix
  ./services/networking/cjdns.nix
  ./services/networking/cntlm.nix
--- a/nixos/modules/services/networking/blocky.nix
+++ b/nixos/modules/services/networking/blocky.nix
@ -0,0 +1,40 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.blocky;
+
+  format = pkgs.formats.yaml { };
+  configFile = format.generate "config.yaml" cfg.settings;
+in
+{
+  options.services.blocky = {
+    enable = mkEnableOption "Fast and lightweight DNS proxy as ad-blocker for local network with many features";
+
+    settings = mkOption {
+      type = format.type;
+      default = { };
+      description = ''
+        Blocky configuration. Refer to
+        <link xlink:href="https://0xerr0r.github.io/blocky/configuration/"/>
+        for details on supported values.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.blocky = {
+      description = "A DNS proxy and ad-blocker for the local network";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        DynamicUser = true;
+        ExecStart = "${pkgs.blocky}/bin/blocky --config ${configFile}";
+
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
+      };
+    };
+  };
+}
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@ -51,6 +51,7 @@ in
  bitcoind = handleTest ./bitcoind.nix {};
  bittorrent = handleTest ./bittorrent.nix {};
  blockbook-frontend = handleTest ./blockbook-frontend.nix {};
+  blocky = handleTest ./blocky.nix {};
  boot = handleTestOn ["x86_64-linux" "aarch64-linux"] ./boot.nix {};
  boot-stage1 = handleTest ./boot-stage1.nix {};
  borgbackup = handleTest ./borgbackup.nix {};
--- a/nixos/tests/blocky.nix
+++ b/nixos/tests/blocky.nix
@ -0,0 +1,34 @@
+import ./make-test-python.nix {
+  name = "blocky";
+
+  nodes = {
+    server = { pkgs, ... }: {
+      environment.systemPackages = [ pkgs.dnsutils ];
+      services.blocky = {
+        enable = true;
+
+        settings = {
+          customDNS = {
+            mapping = {
+              "printer.lan" = "192.168.178.3,2001:0db8:85a3:08d3:1319:8a2e:0370:7344";
+            };
+          };
+          upstream = {
+            default = [ "8.8.8.8" "1.1.1.1" ];
+          };
+          port = 53;
+          httpPort = 5000;
+          logLevel = "info";
+        };
+      };
+    };
+  };
+
+  testScript = ''
+    with subtest("Service test"):
+        server.wait_for_unit("blocky.service")
+        server.wait_for_open_port(53)
+        server.wait_for_open_port(5000)
+        server.succeed("dig @127.0.0.1 +short -x 192.168.178.3 | grep -qF printer.lan")
+  '';
+}
--- a/pkgs/applications/networking/blocky/default.nix
+++ b/pkgs/applications/networking/blocky/default.nix
@ -1,6 +1,7 @@
 { buildGoModule
 , fetchFromGitHub
 , lib
+, nixosTests
 }:

 buildGoModule rec {
@ -27,4 +28,6 @@ buildGoModule rec {
    license = licenses.asl20;
    maintainers = with maintainers; [ ratsclub ];
  };
+
+  passthru.tests = { inherit (nixosTests) blocky; };
 }