Hosts blocklist whitelist

If I’m customizing my hosts blocklist like so:

  networking.hostFiles = [
      # StevenBlack's Fakenews, Gambling, and Porn blocklist
      (
        pkgs.fetchFromGitHub {
          owner = "StevenBlack";
          repo = "hosts";
          rev = "master";
          hash = "sha256-hcvOs96apLZFVv1Fn9FUxS3VQQeP7h/IC2E3xOqcrZY=";
        }
        + "/alternates/fakenews-gambling-porn/hosts"
      )

      # Blocklist Project's Malware blocklist
      (pkgs.fetchurl {
        url = "https://blocklistproject.github.io/Lists/malware.txt";
        hash = "sha256-HWNBa8k34NLDetBgQGaxrnp5VhC9EnZStFr/4ndceC4=";
      })

      # etc.
  ];

how might I define a whitelist?

I’m open to alternative (advanced, custom) solutions.

Is there some kind of way to find and delete lines of a file based on regex (after maybe concatenating the blocklists into one file)?

Are these types of file operations available in Nix/Nixpkgs, or would I have to configure it to call shell commands?

I’m relatively new to Nix and NixOS, so any help is appreciated!

EDIT: Shrunk the code snippet to improve brevity/readability.

Also, just a smaller thing, is there an option in fetchurl or similar to not require checking against the hash? With many frequently updated blocklists, it is a bit of a nuisance to have to go and manually update all the hashes whenever I update.
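One way to get a whitelist purely at build time, shown as an added example that is not part of the original thread: concatenate the fetched lists in a `pkgs.runCommand` derivation and drop allowlisted hosts with `awk`. The `allowlist` entries and the names `allowFile` and `filteredHosts` are assumptions made for illustration; the blocklist URL and hash are the ones from the question.

```nix
{ pkgs, lib, ... }:

let
  # Constructed sample entries: hosts that must stay resolvable.
  allowlist = [
    "example.com"
    "cdn.example.net"
  ];

  # Any number of hosts-format sources, fetched as in the question.
  blocklists = [
    (pkgs.fetchurl {
      url = "https://blocklistproject.github.io/Lists/malware.txt";
      hash = "sha256-HWNBa8k34NLDetBgQGaxrnp5VhC9EnZStFr/4ndceC4=";
    })
  ];

  # The trailing newline guarantees at least one record, so the
  # NR == FNR test below still works when the allowlist is empty.
  allowFile = pkgs.writeText "hosts-allowlist"
    (lib.concatStringsSep "\n" allowlist + "\n");

  # Build-time filter: merge all lists, strip CRs, comments and blank
  # lines, and emit one "ip host" pair per host that is not allowlisted.
  filteredHosts = pkgs.runCommand "hosts-filtered" { } ''
    cat ${lib.escapeShellArgs blocklists} \
      | tr -d '\r' \
      | awk '
          NR == FNR { allow[tolower($1)] = 1; next }  # first file: allowlist
          /^[[:space:]]*(#|$)/ { next }               # comment or blank line
          {
            for (i = 2; i <= NF; i++) {
              if ($i ~ /^#/) break                    # trailing comment
              if (!(tolower($i) in allow)) print $1, $i
            }
          }
        ' ${allowFile} - \
      | sort -u > $out
  '';
in
{
  networking.hostFiles = [ filteredHosts ];
}
```

Matching here is exact and case-insensitive per hostname, so allowing `example.com` does not also allow `www.example.com`; add each host that should remain reachable.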

One alternative would be to use Blocky:
https://nixos.wiki/wiki/Blocky

It supports setting blacklists and whitelists:

I tried using Blocky in the past, but had a bad experience with it.

It was eating a whole bunch of CPU processing power, and in addition, it didn’t even seem to be working (though that may have only been this problem).

I’ll try it again, but I would prefer to do it purely in Nix if possible (to ensure minimal overhead, and potentially higher flexibility).

You can write blocky config using nix (I certainly do).

I’ve decided to use Dnsmasq for now, which is supposed to be lightweight, and seems to be similarly capable to Blocky. (Anything it lacks in relation to Blocky should be possible through Nix code, specifically the organization system.)

It has a NixOS module (like Blocky), so it should be easy to use.

Thanks for the help @ZenoArrow and @waffle8946!

Dnsmasq + other things was too complex to set up.

I’m now contributing to Nix Blocklist Updater to bring it to what I need.