From adf81cc4bd027a667191e921e612cae7a6e3b72c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 31 Oct 2025 11:33:32 +0800
Subject: [PATCH 1/5] vanadium/url-eater: correct url matching

---
 nix/configurations/vanadium/nixos/programs.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nix/configurations/vanadium/nixos/programs.nix b/nix/configurations/vanadium/nixos/programs.nix
index f66aed03..2f479f34 100644
--- a/nix/configurations/vanadium/nixos/programs.nix
+++ b/nix/configurations/vanadium/nixos/programs.nix
@@ -63,10 +63,10 @@
       enable = true;
       filters = ''
         category "Spotify" {
-          params "context@open.spotify.com" "si@open.spotify.com"
+          params "context@*spotify.com" "si@*spotify.com"
         }
         category "YouTube" {
-          params "si@youtu.be" "pp@youtu.be" "si@youtube.com" "pp@youtube.com"
+          params "si@youtu.be" "pp@youtu.be" "si@*youtube.com" "pp@*youtube.com"
         }
         category "WTF" {
           params "utm_*"

From 12ccc6c61994ccde566621521b0ed5a99340bcbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 31 Oct 2025 12:05:03 +0800
Subject: [PATCH 2/5] packages/ai_blocklist: init

---
 nix/packages/by-name/ai_blocklist/package.nix | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 nix/packages/by-name/ai_blocklist/package.nix

diff --git a/nix/packages/by-name/ai_blocklist/package.nix b/nix/packages/by-name/ai_blocklist/package.nix
new file mode 100644
index 00000000..dc8967a8
--- /dev/null
+++ b/nix/packages/by-name/ai_blocklist/package.nix
@@ -0,0 +1,23 @@
+{
+  fetchFromGitHub,
+  stdenvNoCC,
+  lib,
+}: let
+  rev = "9bb188e2701138e03f73bacebd6b19b181ca0012";
+in
+  stdenvNoCC.mkDerivation {
+    pname = "ai_blocklist";
+    version = "unstable-" + lib.substring 0 8 rev;
+
+    src = fetchFromGitHub {
+      owner = "laylavish";
+      repo = "uBlockOrigin-HUGE-AI-Blocklist";
+      inherit rev;
+      hash = "sha256-p3wfR28DH6V8BHn9DT10d09Yq3mdbBecWwlR1CdDYUA=";
+    };
+
+    installPhase = ''
+      cp noai_hosts.txt $out
+      sed -i 's/^0.0.0.0 //' $out
+    '';
+  }

From 3eb030b8f42d8ae85414a16a509e190a574df102 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 31 Oct 2025 12:08:50 +0800
Subject: [PATCH 3/5] packages/hategroup_blocklist: init

---
 .../by-name/hategroup_blocklist/package.nix   | 22 +++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 nix/packages/by-name/hategroup_blocklist/package.nix

diff --git a/nix/packages/by-name/hategroup_blocklist/package.nix b/nix/packages/by-name/hategroup_blocklist/package.nix
new file mode 100644
index 00000000..09d1b687
--- /dev/null
+++ b/nix/packages/by-name/hategroup_blocklist/package.nix
@@ -0,0 +1,22 @@
+{
+  fetchFromGitHub,
+  stdenvNoCC,
+  lib,
+}: let
+  rev = "cc19c050997d5f54014bb20c764b131e003dfb17";
+in
+  stdenvNoCC.mkDerivation {
+    pname = "hategroup_blocklist";
+    version = "unstable-" + lib.substring 0 8 rev;
+
+    src = fetchFromGitHub {
+      owner = "chigh";
+      repo = "hategroup-dnsbl";
+      inherit rev;
+      hash = "sha256-SZBrjIBUw687MdrbOV7WrP5IhAAtKvPL2GqdcICHNvQ=";
+    };
+
+    installPhase = ''
+      cp blocklist.txt $out
+    '';
+  }

From 7a613e9a43e1abd5f07bd69ec70310f302e758c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 31 Oct 2025 12:17:40 +0800
Subject: [PATCH 4/5] vanadium/secure_dns: simplify blocklist management

---
 .../vanadium/nixos/secure_dns.nix             | 37 ++-----------------
 1 file changed, 4 insertions(+), 33 deletions(-)

diff --git a/nix/configurations/vanadium/nixos/secure_dns.nix b/nix/configurations/vanadium/nixos/secure_dns.nix
index eebd747a..1a75be76 100644
--- a/nix/configurations/vanadium/nixos/secure_dns.nix
+++ b/nix/configurations/vanadium/nixos/secure_dns.nix
@@ -29,41 +29,12 @@
 
       # Blocklists are made of one pattern per line.
       # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75
-      blocked_names.blocked_names_file = let
+      blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [
         # Prevent building up reliance on chatbots
         # Gotta preserve that thinking ability of my smoof bwain
-        ai_list = let
-          src = pkgs.fetchFromGitHub {
-            owner = "laylavish";
-            repo = "uBlockOrigin-HUGE-AI-Blocklist";
-            rev = "9bb188e2701138e03f73bacebd6b19b181ca0012";
-            hash = "sha256-p3wfR28DH6V8BHn9DT10d09Yq3mdbBecWwlR1CdDYUA=";
-          };
-        in
-          lib.pipe (builtins.readFile "${src}/noai_hosts.txt") [
-            (lib.replaceStrings ["\r\n"] ["\n"]) # convert to unix ending just in case
-            (lib.splitString "\n")
-            (builtins.filter (x: ! (x == "" || lib.hasPrefix "#" x)))
-            (builtins.map (x: builtins.elemAt (lib.splitString " " x) 1)) # remove 0.0.0.0
-          ];
-
-        hategroup_list = let
-          src = pkgs.fetchFromGitHub {
-            owner = "chigh";
-            repo = "hategroup-dnsbl";
-            rev = "cc19c050997d5f54014bb20c764b131e003dfb17";
-            hash = "sha256-SZBrjIBUw687MdrbOV7WrP5IhAAtKvPL2GqdcICHNvQ=";
-          };
-        in
-          lib.pipe (builtins.readFile "${src}/blocklist.txt") [
-            (lib.replaceStrings ["\r\n"] ["\n"]) # convert to unix ending just in case
-            (lib.splitString "\n")
-            (builtins.filter (x: ! (x == "" || lib.hasPrefix "#" x)))
-          ];
-
-        combined_lists = ai_list ++ hategroup_list;
-      in
-        pkgs.writeText "dnsblocklist" (builtins.concatStringsSep "\n" combined_lists);
+        pkgs.ai_blocklist
+        pkgs.hategroup_blocklist
+      ];
 
       # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests
       # query_log.file = "/var/log/dnscrypt-proxy/query.log";

From a135fecd684c0aaa45fe229fd713eb8a37129466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?= <leana.jiang+git@icloud.com>
Date: Fri, 31 Oct 2025 12:27:41 +0800
Subject: [PATCH 5/5] vanadium/secure_dns: block some domains for a while

---
 nix/configurations/vanadium/nixos/secure_dns.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/nix/configurations/vanadium/nixos/secure_dns.nix b/nix/configurations/vanadium/nixos/secure_dns.nix
index 1a75be76..1aeeff7f 100644
--- a/nix/configurations/vanadium/nixos/secure_dns.nix
+++ b/nix/configurations/vanadium/nixos/secure_dns.nix
@@ -34,6 +34,12 @@
         # Gotta preserve that thinking ability of my smoof bwain
         pkgs.ai_blocklist
         pkgs.hategroup_blocklist
+
+        # Gotta purify my smoos brain for a while
+        (pkgs.writeText "extra_dns_blocklist" ''
+          instagram.com
+          youtube.com
+        '')
       ];
 
       # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests