44 lines
933 B
Nix
44 lines
933 B
Nix
{ pkgs, ... }:
|
|
let
|
|
inherit (builtins) concatStringsSep;
|
|
inherit (pkgs) fetchFromGitHub stdenv gnugrep;
|
|
inherit (builtins) readFile fetchurl;
|
|
|
|
hosts = stdenv.mkDerivation {
|
|
name = "hosts";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "StevenBlack";
|
|
repo = "hosts";
|
|
rev = "a204d5a1e9049dd12378fa5f9c5ab3fc6bf3d63e";
|
|
hash = "sha256-8WVEvpxxvxmOpP1XVgO2GFAbEHO1QileWZ3behpgYEs=";
|
|
};
|
|
|
|
nativeBuildInputs = [ gnugrep ];
|
|
|
|
installPhase = ''
|
|
mkdir -p $out/etc
|
|
|
|
# filter whitelist
|
|
grep -Ev '(${whitelist})' hosts > $out/etc/hosts
|
|
|
|
# filter blacklist
|
|
cat << EOF >> $out/etc/hosts
|
|
${blacklist}
|
|
EOF
|
|
'';
|
|
};
|
|
|
|
whitelist = concatStringsSep "|" [ ".*pirate(bay|proxy).*" ];
|
|
|
|
blacklist = concatStringsSep ''
|
|
|
|
0.0.0.0 ''
|
|
[
|
|
"# auto-generated: must be first"
|
|
|
|
# starts here
|
|
];
|
|
|
|
in
|
|
{ networking.extraHosts = readFile "${hosts}/etc/hosts"; }
|