Add reasonable default config options to AdGuard
And allow reverse DNS lookup servers.
parent
04263beb7f
commit
6015d8eaf0
@ -57,10 +57,16 @@ let
|
|||||||
port = dns.listen-port;
|
port = dns.listen-port;
|
||||||
upstream_dns = upstream-dns;
|
upstream_dns = upstream-dns;
|
||||||
bootstrap_dns = bootstrap-dns;
|
bootstrap_dns = bootstrap-dns;
|
||||||
blocking_mode = "default";
|
|
||||||
blocked_hosts = blocked-hosts;
|
|
||||||
enable_dnssec = enable-dnssec;
|
enable_dnssec = enable-dnssec;
|
||||||
local_domain_name = local-domain-name;
|
local_domain_name = local-domain-name;
|
||||||
|
protection_enabled = true;
|
||||||
|
blocking_mode = "default";
|
||||||
|
blocked_hosts = blocked-hosts;
|
||||||
|
filtering_enabled = true;
|
||||||
|
parental_enabled = false;
|
||||||
|
safesearch_enabled = false;
|
||||||
|
use_private_ptr_resolvers = cfg.dns.reverse-dns != [ ];
|
||||||
|
local_ptr_upstreams = cfg.dns.reverse-dns;
|
||||||
};
|
};
|
||||||
tls.enabled = false;
|
tls.enabled = false;
|
||||||
filters = imap1 (i: filter: {
|
filters = imap1 (i: filter: {
|
||||||
@ -94,6 +100,13 @@ in {
|
|||||||
description = "Port on which to listen for DNS queries.";
|
description = "Port on which to listen for DNS queries.";
|
||||||
default = 53;
|
default = 53;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
reverse-dns = mkOption {
|
||||||
|
type = listOf str;
|
||||||
|
description =
|
||||||
|
"DNS servers on which to perform reverse lookups for private addresses (if any).";
|
||||||
|
default = [ ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
http = {
|
http = {
|
||||||
|
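Review bot: The new `reverse-dns` option accepts any `listOf str`, and its description does not say what the listed servers will receive. With a non-empty list the config sets `use_private_ptr_resolvers` and passes the list as `local_ptr_upstreams`, so PTR lookups for private addresses are sent to those servers. A resolver outside the local network would then learn internal addresses, so I would extend the description, e.g. `"Local DNS servers used for reverse (PTR) lookups of private addresses; these should be resolvers on the trusted network, since they receive internal IP addresses."`. The two new assignments also read `cfg.dns.reverse-dns` directly while neighbouring lines use bindings such as `upstream-dns`; a matching `reverse-dns` binding would keep the block consistent, assuming those bindings come from the `let` outside this hunk.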
@ -2,54 +2,55 @@
|
|||||||
|
|
||||||
with pkgs.lib;
|
with pkgs.lib;
|
||||||
let
|
let
|
||||||
hash-ldap-passwd-pkg = name: passwd-file: pkgs.stdenv.mkDerivation {
|
hash-ldap-passwd-pkg = name: passwd-file:
|
||||||
name = "${name}-ldap-passwd";
|
pkgs.stdenv.mkDerivation {
|
||||||
|
name = "${name}-ldap-passwd";
|
||||||
|
|
||||||
phases = [ "installPhase" ];
|
phases = [ "installPhase" ];
|
||||||
|
|
||||||
buildInputs = with pkgs; [ openldap ];
|
buildInputs = with pkgs; [ openldap ];
|
||||||
|
|
||||||
installPhase = let
|
installPhase = let passwd = removeSuffix "\n" (readFile passwd-file);
|
||||||
passwd = removeSuffix "\n" (readFile passwd-file);
|
in ''
|
||||||
in ''
|
slappasswd -s ${passwd} | tr -d '\n' > $out
|
||||||
slappasswd -s ${passwd} | tr -d '\n' > $out
|
'';
|
||||||
'';
|
};
|
||||||
};
|
|
||||||
|
|
||||||
hash-ldap-passwd = name: passwd-file:
|
hash-ldap-passwd = name: passwd-file:
|
||||||
readFile "${hash-ldap-passwd-pkg name passwd-file}";
|
readFile "${hash-ldap-passwd-pkg name passwd-file}";
|
||||||
|
|
||||||
generate-random-passwd = name: length: pkgs.stdenv.mkDerivation {
|
generate-random-passwd = name: length:
|
||||||
name = "${name}-random-passwd";
|
pkgs.stdenv.mkDerivation {
|
||||||
|
name = "${name}-random-passwd";
|
||||||
|
|
||||||
phases = [ "installPhase" ];
|
phases = [ "installPhase" ];
|
||||||
|
|
||||||
buildInputs = with pkgs; [ pwgen ];
|
buildInputs = with pkgs; [ pwgen ];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
pwgen --secure --num-passwords=1 ${toString length} | tr -d '\n' > $out
|
pwgen --secure --num-passwords=1 ${toString length} | tr -d '\n' > $out
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
bcrypt-passwd-pkg = name: passwd-file: pkgs.stdenv.mkDerivation {
|
bcrypt-passwd-pkg = name: passwd-file:
|
||||||
name = "${name}-bcrypt";
|
pkgs.stdenv.mkDerivation {
|
||||||
|
name = "${name}-bcrypt";
|
||||||
|
|
||||||
phases = [ "installPhase" ];
|
phases = [ "installPhase" ];
|
||||||
|
|
||||||
buildInputs = with pkgs; [ apacheHttpd ];
|
buildInputs = with pkgs; [ apacheHttpd ];
|
||||||
|
|
||||||
installPhase = let
|
installPhase = let passwd = removeSuffix "\n" (readFile passwd-file);
|
||||||
passwd = removeSuffix "\n" (readFile passwd-file);
|
in ''
|
||||||
in ''
|
htpasswd -bnBC 10 "" ${passwd} | tr -d ':\n' | sed 's/$2y/$2a/' > $out
|
||||||
htpasswd -bnBC 10 "" ${passwd} | tr -d ':\n' | sed 's/$2y/$2a/' > $out
|
'';
|
||||||
'';
|
};
|
||||||
};
|
|
||||||
|
|
||||||
bcrypt-passwd = name: passwd-file:
|
bcrypt-passwd = name: passwd-file:
|
||||||
readFile "${bcrypt-passwd-pkg name passwd-file}";
|
readFile "${bcrypt-passwd-pkg name passwd-file}";
|
||||||
|
|
||||||
|
generate-stablerandom-passwd = name:
|
||||||
generate-stablerandom-passwd = name: { seed, length ? 20, ... }:
|
{ seed, length ? 20, ... }:
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
name = "${name}-stablerandom-passwd";
|
name = "${name}-stablerandom-passwd";
|
||||||
|
|
||||||
@ -59,7 +60,9 @@ let
|
|||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
echo "${name}-${seed}" > seedfile
|
echo "${name}-${seed}" > seedfile
|
||||||
pwgen --secure --num-passwords=1 -H seedfile ${toString length} | tr -d '\n' > $out
|
pwgen --secure --num-passwords=1 -H seedfile ${
|
||||||
|
toString length
|
||||||
|
} | tr -d '\n' > $out
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
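Review bot: The re-indented `installPhase` lines in `hash-ldap-passwd-pkg` and `bcrypt-passwd-pkg` still splice the plaintext password into the build script unquoted (`slappasswd -s ${passwd}`, `htpasswd -bnBC 10 "" ${passwd}`), so a password containing spaces or shell metacharacters is word-split or interpreted by the builder's shell. Since `pkgs.lib` is already in scope, `slappasswd -s ${escapeShellArg passwd}` and `htpasswd -bnBC 10 "" ${escapeShellArg passwd}` would close that. Separately, because `readFile passwd-file` runs at evaluation time, the plaintext becomes part of the derivation text, which lives in the Nix store and is normally world-readable; a comment above both helpers such as `# NOTE: the plaintext password is embedded in the .drv in the Nix store` would make that trade-off visible.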