Update to use newest Python
parent
e2ce36d2f8
commit
ed86976d84
|
@ -9,18 +9,17 @@ let
|
||||||
get-basename = filename:
|
get-basename = filename:
|
||||||
head (builtins.match "^[a-zA-Z0-9]+-(.+)$" (baseNameOf filename));
|
head (builtins.match "^[a-zA-Z0-9]+-(.+)$" (baseNameOf filename));
|
||||||
|
|
||||||
format-json-file = filename: pkgs.stdenv.mkDerivation {
|
format-json-file = filename:
|
||||||
name = "formatted-${get-basename filename}";
|
pkgs.stdenv.mkDerivation {
|
||||||
phases = [ "installPhase" ];
|
name = "formatted-${get-basename filename}";
|
||||||
buildInputs = with pkgs; [ python ];
|
phases = [ "installPhase" ];
|
||||||
installPhase = "python -mjson.tool ${filename} > $out";
|
buildInputs = with pkgs; [ python3 ];
|
||||||
};
|
installPhase = "python -mjson.tool ${filename} > $out";
|
||||||
|
};
|
||||||
|
|
||||||
admin-passwd-file =
|
admin-passwd-file =
|
||||||
pkgs.lib.passwd.stablerandom-passwd-file
|
pkgs.lib.passwd.stablerandom-passwd-file "adguard-dns-proxy-admin"
|
||||||
"adguard-dns-proxy-admin"
|
config.instance.build-seed;
|
||||||
config.instance.build-seed;
|
|
||||||
|
|
||||||
filterOpts = {
|
filterOpts = {
|
||||||
options = with types; {
|
options = with types; {
|
||||||
|
@ -41,50 +40,39 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
generate-config = { dns,
|
generate-config = { dns, http, filters, verbose, upstream-dns, bootstrap-dns
|
||||||
http,
|
, blocked-hosts, enable-dnssec, local-domain-name, ... }: {
|
||||||
filters,
|
bind_host = http.listen-ip;
|
||||||
verbose,
|
bind_port = http.listen-port;
|
||||||
upstream-dns,
|
users = [{
|
||||||
bootstrap-dns,
|
|
||||||
blocked-hosts,
|
|
||||||
enable-dnssec,
|
|
||||||
local-domain-name,
|
|
||||||
... }: {
|
|
||||||
bind_host = http.listen-ip;
|
|
||||||
bind_port = http.listen-port;
|
|
||||||
users = [
|
|
||||||
{
|
|
||||||
name = "admin";
|
name = "admin";
|
||||||
password = pkgs.lib.passwd.bcrypt-passwd
|
password = pkgs.lib.passwd.bcrypt-passwd "adguard-dns-proxy-admin"
|
||||||
"adguard-dns-proxy-admin"
|
|
||||||
admin-passwd-file;
|
admin-passwd-file;
|
||||||
}
|
}];
|
||||||
];
|
auth_attempts = 5;
|
||||||
auth_attempts = 5;
|
block_auth_min = 30;
|
||||||
block_auth_min = 30;
|
web_session_ttl = 720;
|
||||||
web_session_ttl = 720;
|
dns = {
|
||||||
dns = {
|
bind_hosts = dns.listen-ips;
|
||||||
bind_hosts = dns.listen-ips;
|
port = dns.listen-port;
|
||||||
port = dns.listen-port;
|
upstream_dns = upstream-dns;
|
||||||
upstream_dns = upstream-dns;
|
bootstrap_dns = bootstrap-dns;
|
||||||
bootstrap_dns = bootstrap-dns;
|
blocking_mode = "default";
|
||||||
blocking_mode = "default";
|
blocked_hosts = blocked-hosts;
|
||||||
blocked_hosts = blocked-hosts;
|
enable_dnssec = enable-dnssec;
|
||||||
enable_dnssec = enable-dnssec;
|
local_domain_name = local-domain-name;
|
||||||
local_domain_name = local-domain-name;
|
};
|
||||||
|
tls.enabled = false;
|
||||||
|
filters = imap1 (i: filter: {
|
||||||
|
enabled = true;
|
||||||
|
name = filter.name;
|
||||||
|
url = filter.url;
|
||||||
|
}) filters;
|
||||||
|
dhcp.enabled = false;
|
||||||
|
clients = [ ];
|
||||||
|
verbose = verbose;
|
||||||
|
schema_version = 10;
|
||||||
};
|
};
|
||||||
tls.enabled = false;
|
|
||||||
filters = imap1 (i: filter: {
|
|
||||||
enabled = true;
|
|
||||||
name = filter.name;
|
|
||||||
url = filter.url;
|
|
||||||
}) filters;
|
|
||||||
dhcp.enabled = false;
|
|
||||||
clients = [];
|
|
||||||
verbose = verbose;
|
|
||||||
schema_version = 10;
|
|
||||||
};
|
|
||||||
|
|
||||||
generate-config-file = opts:
|
generate-config-file = opts:
|
||||||
format-json-file (pkgs.writeText "adguard-dns-proxy-config.yaml"
|
format-json-file (pkgs.writeText "adguard-dns-proxy-config.yaml"
|
||||||
|
@ -127,7 +115,8 @@ in {
|
||||||
default = [
|
default = [
|
||||||
{
|
{
|
||||||
name = "AdGuard DNS filter";
|
name = "AdGuard DNS filter";
|
||||||
url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
|
url =
|
||||||
|
"https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "AdAway Default Blocklist";
|
name = "AdAway Default Blocklist";
|
||||||
|
@ -147,11 +136,7 @@ in {
|
||||||
blocked-hosts = mkOption {
|
blocked-hosts = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
description = "List of hosts to explicitly block.";
|
description = "List of hosts to explicitly block.";
|
||||||
default = [
|
default = [ "version.bind" "id.server" "hostname.bind" ];
|
||||||
"version.bind"
|
|
||||||
"id.server"
|
|
||||||
"hostname.bind"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
enable-dnssec = mkOption {
|
enable-dnssec = mkOption {
|
||||||
|
@ -193,7 +178,8 @@ in {
|
||||||
|
|
||||||
allowed-networks = mkOption {
|
allowed-networks = mkOption {
|
||||||
type = nullOr (listOf str);
|
type = nullOr (listOf str);
|
||||||
description = "Optional list of networks with which this job may communicate.";
|
description =
|
||||||
|
"Optional list of networks with which this job may communicate.";
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -220,9 +206,7 @@ in {
|
||||||
group = cfg.user;
|
group = cfg.user;
|
||||||
};
|
};
|
||||||
|
|
||||||
groups.${cfg.user} = {
|
groups.${cfg.user} = { members = [ cfg.user ]; };
|
||||||
members = [ cfg.user ];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fudo = {
|
fudo = {
|
||||||
|
@ -234,39 +218,40 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.services.adguard-dns-proxy = let
|
system.services.adguard-dns-proxy =
|
||||||
cfg-path = "/run/adguard-dns-proxy/config.yaml";
|
let cfg-path = "/run/adguard-dns-proxy/config.yaml";
|
||||||
in {
|
in {
|
||||||
description = "DNS Proxy for ad filtering and DNS-over-HTTPS lookups.";
|
description =
|
||||||
wantedBy = [ "default.target" ];
|
"DNS Proxy for ad filtering and DNS-over-HTTPS lookups.";
|
||||||
after = [ "syslog.target" ];
|
wantedBy = [ "default.target" ];
|
||||||
requires = [ "network.target" ];
|
after = [ "syslog.target" ];
|
||||||
privateNetwork = false;
|
requires = [ "network.target" ];
|
||||||
requiredCapabilities = optional upgrade-perms "CAP_NET_BIND_SERVICE";
|
privateNetwork = false;
|
||||||
restartWhen = "always";
|
requiredCapabilities = optional upgrade-perms "CAP_NET_BIND_SERVICE";
|
||||||
addressFamilies = null;
|
restartWhen = "always";
|
||||||
networkWhitelist = cfg.allowed-networks;
|
addressFamilies = null;
|
||||||
user = mkIf upgrade-perms cfg.user;
|
networkWhitelist = cfg.allowed-networks;
|
||||||
runtimeDirectory = "adguard-dns-proxy";
|
user = mkIf upgrade-perms cfg.user;
|
||||||
stateDirectory = "adguard-dns-proxy";
|
runtimeDirectory = "adguard-dns-proxy";
|
||||||
preStart = ''
|
stateDirectory = "adguard-dns-proxy";
|
||||||
cp ${generate-config-file cfg} ${cfg-path};
|
preStart = ''
|
||||||
chown $USER ${cfg-path};
|
cp ${generate-config-file cfg} ${cfg-path};
|
||||||
chmod u+w ${cfg-path};
|
chown $USER ${cfg-path};
|
||||||
'';
|
chmod u+w ${cfg-path};
|
||||||
|
'';
|
||||||
|
|
||||||
execStart = let
|
execStart = let
|
||||||
args = [
|
args = [
|
||||||
"--no-check-update"
|
"--no-check-update"
|
||||||
"--work-dir /var/lib/adguard-dns-proxy"
|
"--work-dir /var/lib/adguard-dns-proxy"
|
||||||
"--pidfile /run/adguard-dns-proxy/adguard-dns-proxy.pid"
|
"--pidfile /run/adguard-dns-proxy/adguard-dns-proxy.pid"
|
||||||
"--host ${cfg.http.listen-ip}"
|
"--host ${cfg.http.listen-ip}"
|
||||||
"--port ${toString cfg.http.listen-port}"
|
"--port ${toString cfg.http.listen-port}"
|
||||||
"--config ${cfg-path}"
|
"--config ${cfg-path}"
|
||||||
];
|
];
|
||||||
arg-string = concatStringsSep " " args;
|
arg-string = concatStringsSep " " args;
|
||||||
in "${pkgs.adguardhome}/bin/adguardhome ${arg-string}";
|
in "${pkgs.adguardhome}/bin/adguardhome ${arg-string}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
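Review bot: The `preStart` script in the last hunk copies the generated config, which carries the admin bcrypt hash, to `/run/adguard-dns-proxy/config.yaml` and then only adds `u+w`, so the copy most likely keeps the group/other read bits it inherited from the store path. Replacing `chmod u+w ${cfg-path};` with `chmod 600 ${cfg-path};` would leave the hash readable by the service user only. The source of that copy is built with `pkgs.writeText` and `format-json-file`, so it also sits in the Nix store, which is normally world-readable; if `stablerandom-passwd-file` writes its output there as well (not visible on this page), the admin password itself would be exposed, and a runtime secret path outside the store would be the safer design. Separately, `installPhase` in the first hunk still calls `python` although `buildInputs` now lists `python3`; `python3 -mjson.tool ${filename} > $out` would not depend on the package shipping an unversioned alias.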