Slack blocking on work computer - website blocking

I am building a NixOS work computer, but I would like to block time-consuming websites on my
work computer, like YouTube and Facebook, since my self-control is weak at times. :frowning:

I have tried to set up blocky, but I cannot get it to work.
blocky is running, but it doesn’t block YouTube or Facebook.

Here is my blocky configuration file.

blocking:
  blackLists:
    ads:
    - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    adult:
    - https://blocklistproject.github.io/Lists/porn.txt
    slack:
    - |
      example.com
      youtube.com
      youtube-ui.l.google.com
      www.youtube.com
      youtube.de
      www.youtube.com
      m.youtube.com
      youtu.be
      facebook.com
      facebook.net
      fbcdn.net
      fbsbx.com
      facebook.com
      messenger.com
      xx.fbcdn.net
      xy.fbcdn.net
      xz.fbcdn.net
      facebook.com
      messenger.com
  clientGroupsBlock:
    default:
    - ads
    - slack
    kids-ipad:
    - ads
    - adult
bootstrapDns:
  ips:
  - 1.1.1.1
  - 1.0.0.1
  upstream: https://one.one.one.one/dns-query
ports:
  dns: 53
upstreams:
  groups:
    default:
    - 84.238.0.130
    - 84.238.6.254
    - 192.168.1.1

Your machine might not be using blocky as a DNS service. If you’re using a static IP, try using networking.nameservers = [ "127.0.0.1" ];.

You might be right in your first statement. As for the IP, I am behind my own router; my ISP gives me a dynamic IP.

[shs@cynix:~]$ nix-shell -p dig

[nix-shell:~]$ nslookup youtube.com
Server:		84.238.0.130
Address:	84.238.0.130#53

Non-authoritative answer:
Name:	youtube.com
Address: 142.250.74.174
Name:	youtube.com
Address: 2a00:1450:400f:805::200e


[nix-shell:~]$ ifconfig 
eno1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 74:27:ea:52:63:a7  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7d00000-f7d20000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 84  bytes 7480 (7.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 7480 (7.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s29u1u1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.110  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fde4:9a1a:b30d:0:c822:6efc:5282:b769  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::aaea:7980:5b0f:978  prefixlen 64  scopeid 0x20<link>
        inet6 fde4:9a1a:b30d:0:3966:8bfe:2268:2da5  prefixlen 64  scopeid 0x0<global>
        ether 00:22:b0:0d:17:97  txqueuelen 1000  (Ethernet)
        RX packets 652099  bytes 847408801 (808.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 343106  bytes 50809312 (48.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


So, 84.238.0.130 is used as DNS. You should change your blocky upstream to that IP and try networking.nameservers = [ "127.0.0.1" ]. Then nslookup should show Server: 127.0.0.1.
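
One way to script the check suggested above, as an added example that is not part of the original thread: a POSIX shell function that reads nslookup output and reports whether the query went through the local blocky instance. It assumes blocky listens on 127.0.0.1 and uses its default block type, which answers blocked names with 0.0.0.0 or ::; the function name and the second sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes blocky listens on 127.0.0.1 and
# uses its default block type (blocked names answer 0.0.0.0 for A, :: for AAAA).

# classify_lookup RESOLVER   (reads nslookup output on stdin)
# Prints one of: bypassed | blocked | allowed | unknown
classify_lookup() {
    want=$1; server=""; total=0; zero=0; in_answer=0
    while read -r key value rest; do
        case $key in
            Server:) server=$value ;;
            Name:)   in_answer=1 ;;   # answer records start at the first Name:
            Address:)
                # The Address: line before any Name: is the resolver itself.
                if [ "$in_answer" -eq 1 ]; then
                    total=$((total + 1))
                    case $value in 0.0.0.0|::) zero=$((zero + 1)) ;; esac
                fi ;;
        esac
    done
    if [ -z "$server" ]; then echo unknown            # no Server: line seen
    elif [ "$server" != "$want" ]; then echo bypassed # another resolver answered
    elif [ "$total" -eq 0 ]; then echo unknown        # no answer records
    elif [ "$zero" -eq "$total" ]; then echo blocked  # every answer is a zero IP
    else echo allowed
    fi
}

# Output shape taken from the thread: the ISP resolver answered, not blocky.
SAMPLE_BYPASSED='Server:   84.238.0.130
Address:  84.238.0.130#53

Non-authoritative answer:
Name:   youtube.com
Address: 142.250.74.174
Name:   youtube.com
Address: 2a00:1450:400f:805::200e'

# Constructed sample: a blocked name once 127.0.0.1 is the resolver in use.
SAMPLE_BLOCKED='Server:   127.0.0.1
Address:  127.0.0.1#53

Name:   youtube.com
Address: 0.0.0.0
Name:   youtube.com
Address: ::'

# Live use: nslookup youtube.com | classify_lookup 127.0.0.1
```

A result of "bypassed" means the system resolver setting, not the blocklist, is what needs fixing.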

The blocking step is now working, if I start blocky manually.

The next problem is getting configuration.nix to generate the correct YAML config file.

The problem is generating the inline code, under the slack group.

blocking:
  blackLists:
    ads:
    - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    adult:
    - https://blocklistproject.github.io/Lists/porn.txt
    slack:
    - |
      www.youtube.com
      www.facebook.com

The entry in my configuration.nix looks like this.

  networking.nameservers = [ "127.0.0.1" ];

  services.blocky = {
    enable = true;
    # enable = false;
    settings = {
      ports.dns = 53; # Port for incoming DNS Queries.
      upstreams.groups.default = [ "84.238.0.130" "84.238.6.254" "192.168.1.1" ];

      # For initially solving DoH/DoT Requests when no system Resolver is available.
      bootstrapDns = {
        upstream = "https://one.one.one.one/dns-query";
        ips = [ "1.1.1.1" "1.0.0.1" ];
      };
      # Enable blocking of certain domains.
      blocking = {
        blackLists = {
          # Ad blocking
          ads = [ "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" ];
          # Another filter for blocking adult sites
          adult = [ "https://blocklistproject.github.io/Lists/porn.txt" ];
          # You can add additional categories
          slack = [ "www.youtube.com" "www.facebook.com" ];
        };

        # Configure which block categories are used
        clientGroupsBlock = {
          default = [ "ads" "slack" ];
          kids-ipad = [ "ads" "adult" ];
        };
      };
    };
  };

Defining the inline code like this

          slack = [ "|\nwww.youtube.com\nwww.facebook.com" ]; 

will generate YAML like this.

    slack:
    - '|

      www.youtube.com

      www.facebook.com'

It doesn’t look perfect, but it actually works.