styx/styx.hcl

proxy {
    # TCP listen address
    listen = ":3128"

    # TCP bind address for outgoing connections
    #bind = "10.42.42.215"
    # Interface for outgoign connections
    #interface = "en1"

    # Upstream proxies
    upstream = []   


    policy {
        on intercept {
            domain = ["sensitive"]
            permit = false
        }

        on request {
            source = ["kids"]
            domain = ["nsfw"]
            permit = false
        }

        on request {
            source = ["kids"]
            domain = ["nsfw"]
            permit = false
        }

        on days {
            days = "mon-thu,sun"
            on time {
                time = ["22:00", "06:00"]
                on request {
                    source = ["kids"]
                    domain = ["social"]
                    permit = false
                }
            }
        }
    }
}

dns {
    # Set the cache size
    #size = 1024

    # Set the time to live for positive responses (in seconds)
    #ttl = 300

    # Set the resolve timeout (in seconds)
    #timeout = 10

    # Set the DNS servers
    #servers = ["1.1.1.1", "8.8.8.8"]

    # Disable IPv6
    noipv6 = true
}

mitm {
    ca {
        cert     = "testdata/ca.crt"
        key      = "testdata/ca.key"
        key_type = "ecc"
        days     = 1825
        organization = "maze.io"
    }

    key {
        type = "rsa"
        bits = 2048
    }

    cache {
        #type = "memory" 
        type = "disk"
        path = "testdata/mitm"
        expire = 10
    }
}

cache {
    type = "memory"
    size = 10485760
}

match {
    path = "testdata/match"

    network "internal" {
        type = "list"
        list = [
            "0.0.0.0/32",
            "127.0.0.0/8",
            "169.254.0.0/16",
            "fe80::/10",
        ]
    }

    network "kids" {
        type = "list"
        list = ["10.42.66.0/24"]
    }

    domain "sensitive" {
        type = "list"
        list = [
            # Banking
            "abnamro.nl",
            "knab.nl",
            "rabobank.nl",
            
            # Government
            "belastingdienst.nl",
            "digid.nl",

            # Messaging
            "signal.org",
            "telegram.org",
            "whatsapp.net",
            "whatsapp.com",
        ]
    }

    domain "social" {
        type = "list"
        list = [
            "pinterest.com",
            "reddit.com",
            "x.com",
            # YouTube
            "googlevideo.com",
            "youtube.com",
            "youtu.be",
            "ytimg.com",
        ]
    }

    domain "nsfw" {
        type = "domains"
        from = "https://energized.pro/nsfw/domains.txt"
        refresh = 43200 # 12h
    }

    domain "ads" {
        type = "detect"
        from = "https://small.oisd.nl/dnsmasq"
        refresh = 12
    }
}