From 1723a4a872f5635343dffa70595e07d73b1b1f73 Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Tue, 12 Dec 2023 14:56:24 +0100
Subject: [PATCH] Block ads via dnscrypt-proxy

---
 modules/networking.nix |  4 +++-
 modules/periodic.nix   | 10 +++-------
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/modules/networking.nix b/modules/networking.nix
index c00a8c1..e5590c8 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -108,7 +108,7 @@ in {
       local-ttl = 300;
 
       conf-file = "${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf";
-      dnssec = true;
+      dnssec = false;
 
       address = "/coolneng.duckdns.org/192.168.13.2";
     };
@@ -129,6 +129,8 @@ in {
         minisign_key =
           "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
       };
+      blocked_names.blocked_names_file =
+        "/var/lib/dnscrypt-proxy/blocklist.txt";
     };
   };
 
diff --git a/modules/periodic.nix b/modules/periodic.nix
index e4f4c16..a1418e4 100644
--- a/modules/periodic.nix
+++ b/modules/periodic.nix
@@ -1,8 +1,8 @@
 { config, lib, pkgs, ... }:
 
 let
-  stateDir = "/var/lib/dnsmasq";
-  blocklist = "${stateDir}/dnsmasq.blacklist.txt";
+  stateDir = "/var/lib/dnscrypt-proxy";
+  blocklist = "${stateDir}/blocklist.txt";
 
 in {
   # PostgreSQL daily backups
@@ -20,13 +20,9 @@ in {
     wantedBy = [ "default.target" ];
     path = with pkgs; [ curl coreutils ];
     script = ''
-      curl -L https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -o ${blocklist}
-      sed "/cainiao/d" -i ${blocklist}
+      curl -L https://download.dnscrypt.info/blacklists/domains/mybase.txt -o ${blocklist}
     '';
     serviceConfig.Type = "oneshot";
-    postStop = ''
-      chown -R dnsmasq ${stateDir}
-    '';
     startAt = "02:00:00";
   };