diff --git a/nix/configurations/vanadium/nixos/programs.nix b/nix/configurations/vanadium/nixos/programs.nix
index f66aed03..2f479f34 100644
--- a/nix/configurations/vanadium/nixos/programs.nix
+++ b/nix/configurations/vanadium/nixos/programs.nix
@@ -63,10 +63,10 @@
       enable = true;
       filters = ''
         category "Spotify" {
-          params "context@open.spotify.com" "si@open.spotify.com"
+          params "context@*spotify.com" "si@*spotify.com"
         }
         category "YouTube" {
-          params "si@youtu.be" "pp@youtu.be" "si@youtube.com" "pp@youtube.com"
+          params "si@youtu.be" "pp@youtu.be" "si@*youtube.com" "pp@*youtube.com"
         }
         category "WTF" {
           params "utm_*"
diff --git a/nix/configurations/vanadium/nixos/secure_dns.nix b/nix/configurations/vanadium/nixos/secure_dns.nix
index eebd747a..1aeeff7f 100644
--- a/nix/configurations/vanadium/nixos/secure_dns.nix
+++ b/nix/configurations/vanadium/nixos/secure_dns.nix
@@ -29,41 +29,18 @@
 
       # Blocklists are made of one pattern per line.
       # https://github.com/DNSCrypt/dnscrypt-proxy/blob/fa59f990431a49b6485f63f96601bc7e64017bf8/dnscrypt-proxy/example-dnscrypt-proxy.toml#L583C4-L583C75
-      blocked_names.blocked_names_file = let
+      blocked_names.blocked_names_file = pkgs.concatText "dnsblocklist_combined" [
         # Prevent building up reliance on chatbots
         # Gotta preserve that thinking ability of my smoof bwain
-        ai_list = let
-          src = pkgs.fetchFromGitHub {
-            owner = "laylavish";
-            repo = "uBlockOrigin-HUGE-AI-Blocklist";
-            rev = "9bb188e2701138e03f73bacebd6b19b181ca0012";
-            hash = "sha256-p3wfR28DH6V8BHn9DT10d09Yq3mdbBecWwlR1CdDYUA=";
-          };
-        in
-          lib.pipe (builtins.readFile "${src}/noai_hosts.txt") [
-            (lib.replaceStrings ["\r\n"] ["\n"]) # convert to unix ending just in case
-            (lib.splitString "\n")
-            (builtins.filter (x: ! (x == "" || lib.hasPrefix "#" x)))
-            (builtins.map (x: builtins.elemAt (lib.splitString " " x) 1)) # remove 0.0.0.0
-          ];
+        pkgs.ai_blocklist
+        pkgs.hategroup_blocklist
 
-        hategroup_list = let
-          src = pkgs.fetchFromGitHub {
-            owner = "chigh";
-            repo = "hategroup-dnsbl";
-            rev = "cc19c050997d5f54014bb20c764b131e003dfb17";
-            hash = "sha256-SZBrjIBUw687MdrbOV7WrP5IhAAtKvPL2GqdcICHNvQ=";
-          };
-        in
-          lib.pipe (builtins.readFile "${src}/blocklist.txt") [
-            (lib.replaceStrings ["\r\n"] ["\n"]) # convert to unix ending just in case
-            (lib.splitString "\n")
-            (builtins.filter (x: ! (x == "" || lib.hasPrefix "#" x)))
-          ];
-
-        combined_lists = ai_list ++ hategroup_list;
-      in
-        pkgs.writeText "dnsblocklist" (builtins.concatStringsSep "\n" combined_lists);
+        # Gotta purify my smoos brain for a while
+        (pkgs.writeText "extra_dns_blocklist" ''
+          instagram.com
+          youtube.com
+        '')
+      ];
 
       # Add this to test if dnscrypt-proxy is actually used to resolve DNS requests
       # query_log.file = "/var/log/dnscrypt-proxy/query.log";
diff --git a/nix/packages/by-name/ai_blocklist/package.nix b/nix/packages/by-name/ai_blocklist/package.nix
new file mode 100644
index 00000000..dc8967a8
--- /dev/null
+++ b/nix/packages/by-name/ai_blocklist/package.nix
@@ -0,0 +1,23 @@
+{
+  fetchFromGitHub,
+  stdenvNoCC,
+  lib,
+}: let
+  rev = "9bb188e2701138e03f73bacebd6b19b181ca0012";
+in
+  stdenvNoCC.mkDerivation {
+    pname = "ai_blocklist";
+    version = "unstable-" + lib.substring 0 8 rev;
+
+    src = fetchFromGitHub {
+      owner = "laylavish";
+      repo = "uBlockOrigin-HUGE-AI-Blocklist";
+      inherit rev;
+      hash = "sha256-p3wfR28DH6V8BHn9DT10d09Yq3mdbBecWwlR1CdDYUA=";
+    };
+
+    installPhase = ''
+      cp noai_hosts.txt $out
+      sed -i 's/^0.0.0.0 //' $out
+    '';
+  }
diff --git a/nix/packages/by-name/hategroup_blocklist/package.nix b/nix/packages/by-name/hategroup_blocklist/package.nix
new file mode 100644
index 00000000..09d1b687
--- /dev/null
+++ b/nix/packages/by-name/hategroup_blocklist/package.nix
@@ -0,0 +1,22 @@
+{
+  fetchFromGitHub,
+  stdenvNoCC,
+  lib,
+}: let
+  rev = "cc19c050997d5f54014bb20c764b131e003dfb17";
+in
+  stdenvNoCC.mkDerivation {
+    pname = "hategroup_blocklist";
+    version = "unstable-" + lib.substring 0 8 rev;
+
+    src = fetchFromGitHub {
+      owner = "chigh";
+      repo = "hategroup-dnsbl";
+      inherit rev;
+      hash = "sha256-SZBrjIBUw687MdrbOV7WrP5IhAAtKvPL2GqdcICHNvQ=";
+    };
+
+    installPhase = ''
+      cp blocklist.txt $out
+    '';
+  }