Add reasonable default config options to AdGuard

And allow reverse DNS lookup servers.
niten 2023-11-27 12:13:30 -08:00
parent 04263beb7f
commit 6015d8eaf0
2 changed files with 49 additions and 33 deletions


@ -57,10 +57,16 @@ let
port = dns.listen-port;
upstream_dns = upstream-dns;
bootstrap_dns = bootstrap-dns;
blocking_mode = "default";
blocked_hosts = blocked-hosts;
enable_dnssec = enable-dnssec;
local_domain_name = local-domain-name;
protection_enabled = true;
blocking_mode = "default";
blocked_hosts = blocked-hosts;
filtering_enabled = true;
parental_enabled = false;
safesearch_enabled = false;
use_private_ptr_resolvers = cfg.dns.reverse-dns != [ ];
local_ptr_upstreams = cfg.dns.reverse-dns;
};
tls.enabled = false;
filters = imap1 (i: filter: {
@ -94,6 +100,13 @@ in {
description = "Port on which to listen for DNS queries.";
default = 53;
};
reverse-dns = mkOption {
type = listOf str;
description =
"DNS servers on which to perform reverse lookups for private addresses (if any).";
default = [ ];
};
};
http = {
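Review bot: The description of the new `reverse-dns` option does not say that every server listed there receives the PTR queries for private addresses, so it learns which internal addresses are in use. It should state that only resolvers on the local network belong here, for example `"Local DNS servers (e.g. the router) to which PTR lookups for private addresses are forwarded; do not list public resolvers."`. The type is `listOf str`, so a typo or an unintended hostname is accepted at evaluation time and only shows up in the generated AdGuard config; a short comment on the expected address format would help. The two new settings also read `cfg.dns.reverse-dns` while the neighbouring `port = dns.listen-port;` uses a local `dns` binding, so `dns.reverse-dns` may be the consistent spelling; the enclosing `let` starts outside the hunk, so I can't confirm this.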


@ -2,54 +2,55 @@
with pkgs.lib;
let
hash-ldap-passwd-pkg = name: passwd-file: pkgs.stdenv.mkDerivation {
name = "${name}-ldap-passwd";
hash-ldap-passwd-pkg = name: passwd-file:
pkgs.stdenv.mkDerivation {
name = "${name}-ldap-passwd";
phases = [ "installPhase" ];
phases = [ "installPhase" ];
buildInputs = with pkgs; [ openldap ];
buildInputs = with pkgs; [ openldap ];
installPhase = let
passwd = removeSuffix "\n" (readFile passwd-file);
in ''
slappasswd -s ${passwd} | tr -d '\n' > $out
'';
};
installPhase = let passwd = removeSuffix "\n" (readFile passwd-file);
in ''
slappasswd -s ${passwd} | tr -d '\n' > $out
'';
};
hash-ldap-passwd = name: passwd-file:
readFile "${hash-ldap-passwd-pkg name passwd-file}";
generate-random-passwd = name: length: pkgs.stdenv.mkDerivation {
name = "${name}-random-passwd";
generate-random-passwd = name: length:
pkgs.stdenv.mkDerivation {
name = "${name}-random-passwd";
phases = [ "installPhase" ];
phases = [ "installPhase" ];
buildInputs = with pkgs; [ pwgen ];
buildInputs = with pkgs; [ pwgen ];
installPhase = ''
pwgen --secure --num-passwords=1 ${toString length} | tr -d '\n' > $out
'';
};
installPhase = ''
pwgen --secure --num-passwords=1 ${toString length} | tr -d '\n' > $out
'';
};
bcrypt-passwd-pkg = name: passwd-file: pkgs.stdenv.mkDerivation {
name = "${name}-bcrypt";
bcrypt-passwd-pkg = name: passwd-file:
pkgs.stdenv.mkDerivation {
name = "${name}-bcrypt";
phases = [ "installPhase" ];
phases = [ "installPhase" ];
buildInputs = with pkgs; [ apacheHttpd ];
buildInputs = with pkgs; [ apacheHttpd ];
installPhase = let
passwd = removeSuffix "\n" (readFile passwd-file);
in ''
htpasswd -bnBC 10 "" ${passwd} | tr -d ':\n' | sed 's/$2y/$2a/' > $out
'';
};
installPhase = let passwd = removeSuffix "\n" (readFile passwd-file);
in ''
htpasswd -bnBC 10 "" ${passwd} | tr -d ':\n' | sed 's/$2y/$2a/' > $out
'';
};
bcrypt-passwd = name: passwd-file:
readFile "${bcrypt-passwd-pkg name passwd-file}";
generate-stablerandom-passwd = name: { seed, length ? 20, ... }:
generate-stablerandom-passwd = name:
{ seed, length ? 20, ... }:
pkgs.stdenv.mkDerivation {
name = "${name}-stablerandom-passwd";
@ -59,7 +60,9 @@ let
installPhase = ''
echo "${name}-${seed}" > seedfile
pwgen --secure --num-passwords=1 -H seedfile ${toString length} | tr -d '\n' > $out
pwgen --secure --num-passwords=1 -H seedfile ${
toString length
} | tr -d '\n' > $out
'';
};