nixos-config/profiles/servers/blocky.nix

{ config, pkgs, lib, ... }: {

  containers.blocky = {
    # extraFlags = [ "-U" ];
    autoStart = true;
    ephemeral = true;
    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "192.168.0.5/24";
    tmpfs = [ "/" ];
    config = { config, pkgs, ... }: {
      networking = {
        defaultGateway = "192.168.0.1";
        hostName = "blocky-node";
        nameservers = [ "127.0.0.1" ];
        enableIPv6 = false;
        useHostResolvConf = false;
        firewall = {
          enable = true;
          allowedTCPPorts = [
            953
            # config.services.prometheus.port
            config.services.blocky.settings.port
            # config.services.blocky.settings.httpPort
            # config.services.grafana.settings.server.http_port
          ];
          allowedUDPPorts = [ 53 ];
          rejectPackets = false;
        };
      };
      services.blocky = {
        enable = true;
        settings = {
          upstream.default = [ "127.0.0.1:953" ];
          upstreamTimeout = "10s";
          blocking = {
            blackLists.ads = [
              "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
            ];
            clientGroupsBlock.default = [ "ads" ];
          };
          port = 53;
          httpPort = 4000;
          # httpPort = 8080;
          # httpsPort = 8443;
          # customDNS = {
          #   # customTTL = "1h";
          #   # filterUnmappedTypes = "true";
          #   mapping = {
          #     "code.ataraxiadev.com" = "192.168.0.10";
          #   };
          # };
          queryLog = {
            type = "console";
          };
          prometheus.enable = true;
        };
      };
      services.prometheus = {
        # enable = true;
        port = 9090;
        listenAddress = "0.0.0.0";
        globalConfig = {
          scrape_interval = "15s";
          evaluation_interval = "15s";
        };
        scrapeConfigs = [{
          job_name = "blocky";
          static_configs = [{
            targets = [ "127.0.0.1:${toString config.services.blocky.settings.httpPort}" ];
          }];
        }];
      };
      services.grafana = {
        # enable = true;
        settings = {
          analytics.reporting_enabled = false;
          server = {
            http_port = 3000;
            http_addr = "0.0.0.0";
            enable_gzip = true;
          };
          security = {
            admin_user = "admin";
            admin_password = "admin";
            # admin_password = "$__file(/var/secrets/grafana)";
          };
        };
        provision.enable = true;
        provision.datasources.settings = {
          apiVersion = 1;
          datasources = [{
            name = "Prometheus";
            type = "prometheus";
            access = "proxy";
            orgId = 1;
            url = "127.0.0.1:${toString config.services.prometheus.port}";
            isDefault = true;
            jsonData = {
              graphiteVersion = "1.1";
              tlsAuth = false;
              tlsAuthWithCACert = false;
            };
            version = 1;
            editable = true;
          }];
          deleteDatasources = [{
            name = "Prometheus";
            orgId = 1;
          }];
        };
      };
      services.dnscrypt-proxy2 = {
        enable = true;
        settings = {
          listen_addresses = [ "0.0.0.0:953" ];
          ipv6_servers = false;
          doh_servers = false;
          require_dnssec = true;
          require_nolog = true;
          require_nofilter = true;
          block_ipv6 = true;
          bootstrap_resolvers = [ "9.9.9.9:53" "9.9.9.11:53" ];
          sources = {
            public-resolvers = {
              urls = [
                "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
                "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
              ];
              cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
              minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
            };
          };
        };
      };
      system.stateVersion = "23.05";
    };
  };
}
update many homelab services 2023-01-26 00:43:11 +03:00			`{ config, pkgs, lib, ... }: {`

			`containers.blocky = {`
			`# extraFlags = [ "-U" ];`
			`autoStart = true;`
			`ephemeral = true;`
			`privateNetwork = true;`
			`hostBridge = "br0";`
			`localAddress = "192.168.0.5/24";`
			`tmpfs = [ "/" ];`
			`config = { config, pkgs, ... }: {`
			`networking = {`
			`defaultGateway = "192.168.0.1";`
			`hostName = "blocky-node";`
			`nameservers = [ "127.0.0.1" ];`
			`enableIPv6 = false;`
			`useHostResolvConf = false;`
			`firewall = {`
			`enable = true;`
			`allowedTCPPorts = [`
			`953`
			`# config.services.prometheus.port`
			`config.services.blocky.settings.port`
			`# config.services.blocky.settings.httpPort`
			`# config.services.grafana.settings.server.http_port`
			`];`
			`allowedUDPPorts = [ 53 ];`
			`rejectPackets = false;`
			`};`
			`};`
			`services.blocky = {`
			`enable = true;`
			`settings = {`
			`upstream.default = [ "127.0.0.1:953" ];`
			`upstreamTimeout = "10s";`
			`blocking = {`
			`blackLists.ads = [`
			`"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"`
			`];`
			`clientGroupsBlock.default = [ "ads" ];`
			`};`
			`port = 53;`
			`httpPort = 4000;`
			`# httpPort = 8080;`
			`# httpsPort = 8443;`
			`# customDNS = {`
			`# # customTTL = "1h";`
			`# # filterUnmappedTypes = "true";`
			`# mapping = {`
			`# "code.ataraxiadev.com" = "192.168.0.10";`
			`# };`
			`# };`
			`queryLog = {`
			`type = "console";`
			`};`
			`prometheus.enable = true;`
			`};`
			`};`
			`services.prometheus = {`
			`# enable = true;`
			`port = 9090;`
			`listenAddress = "0.0.0.0";`
			`globalConfig = {`
			`scrape_interval = "15s";`
			`evaluation_interval = "15s";`
			`};`
			`scrapeConfigs = [{`
			`job_name = "blocky";`
			`static_configs = [{`
			`targets = [ "127.0.0.1:${toString config.services.blocky.settings.httpPort}" ];`
			`}];`
			`}];`
			`};`
			`services.grafana = {`
			`# enable = true;`
			`settings = {`
			`analytics.reporting_enabled = false;`
			`server = {`
			`http_port = 3000;`
			`http_addr = "0.0.0.0";`
			`enable_gzip = true;`
			`};`
			`security = {`
			`admin_user = "admin";`
			`admin_password = "admin";`
			`# admin_password = "$__file(/var/secrets/grafana)";`
			`};`
			`};`
			`provision.enable = true;`
			`provision.datasources.settings = {`
			`apiVersion = 1;`
			`datasources = [{`
			`name = "Prometheus";`
			`type = "prometheus";`
			`access = "proxy";`
			`orgId = 1;`
			`url = "127.0.0.1:${toString config.services.prometheus.port}";`
			`isDefault = true;`
			`jsonData = {`
			`graphiteVersion = "1.1";`
			`tlsAuth = false;`
			`tlsAuthWithCACert = false;`
			`};`
			`version = 1;`
			`editable = true;`
			`}];`
			`deleteDatasources = [{`
			`name = "Prometheus";`
			`orgId = 1;`
			`}];`
			`};`
			`};`
			`services.dnscrypt-proxy2 = {`
			`enable = true;`
			`settings = {`
			`listen_addresses = [ "0.0.0.0:953" ];`
			`ipv6_servers = false;`
			`doh_servers = false;`
			`require_dnssec = true;`
			`require_nolog = true;`
			`require_nofilter = true;`
			`block_ipv6 = true;`
			`bootstrap_resolvers = [ "9.9.9.9:53" "9.9.9.11:53" ];`
			`sources = {`
			`public-resolvers = {`
			`urls = [`
			`"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"`
			`"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"`
			`];`
			`cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";`
			`minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";`
			`};`
			`};`
			`};`
			`};`
			`system.stateVersion = "23.05";`
			`};`
			`};`
			`}`