add ad blocking dns server

2024-12-01 15:59:42 +00:00 · 2024-12-01 15:59:42 +00:00 · 205c2b9a11
commit 205c2b9a11
parent 910b78c5ec
4 changed files with 21 additions and 32 deletions
--- a/nixos/boxes/bolty/adblocking.nix
+++ b/nixos/boxes/bolty/adblocking.nix
@ -0,0 +1,18 @@
+{
+  config,
+  pkgs,
+  inputs,
+  system,
+  ...
+}: {
+  services.resolved = {
+    # Disable local DNS stub listener on 127.0.0.53
+    extraConfig = ''
+      DNSStubListener=no
+    '';
+  };
+  services.technitium-dns-server = {
+    enable = true;
+    openFirewall = true;
+  };
+}
--- a/nixos/boxes/bolty/default.nix
+++ b/nixos/boxes/bolty/default.nix
@ -6,6 +6,7 @@
  imports = [
    ../cli.nix
    ../send-logs.nix
+    ./adblocking.nix
    ./bolty-boot.nix
    ./grafana.nix
    ./home-assistant.nix
@ -18,9 +19,9 @@
    ./print-server.nix
    ./real-hardware.nix
    ./restic-server.nix
+    ./syncthing.nix
    ./tailscale-cert.nix
    ./virtualisation.nix
-    ./syncthing.nix
    ../../git
    ../../helix
    ../../mercurial
--- a/nixos/boxes/bolty/nas.nix
+++ b/nixos/boxes/bolty/nas.nix
@ -15,36 +15,6 @@
    enable = true;
    allowPing = true;
  };
-  services.samba = {
-    enable = true;
-    nsswins = true;
-    securityType = "user";
-    extraConfig = ''
-      workgroup = WORKGROUP
-      server string = smbnix
-      netbios name = smbnix
-      security = user
-      #use sendfile = yes
-      #max protocol = smb2
-      # note: localhost is the ipv6 localhost ::1
-      hosts allow = 10.0.0. 100. 127.0.0.1 localhost
-      hosts deny = 0.0.0.0/0
-      guest account = sambaguest
-      map to guest = bad user
-    '';
-    shares = {
-      videos = {
-        path = "/data/shares/videos";
-        browseable = "yes";
-        "read only" = "no";
-        "guest ok" = "yes";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-        "force user" = "sambaguest";
-      };
-    };
-    openFirewall = true;
-  };
  networking.firewall.allowedTCPPorts = [2049];
  services.nfs.server = {
    enable = true;
--- a/nixos/boxes/bolty/networking.nix
+++ b/nixos/boxes/bolty/networking.nix
@ -19,7 +19,7 @@
      address = ["10.0.0.8/24"];
      gateway = ["10.0.0.1"];
      DHCP = "no";
-      dns = ["100.100.100.100" "9.9.9.9"];
+      dns = ["10.0.0.8"];
    };
    networks."eth" = {
      name = "enp4s0";