styx/styx.hcl

# Proxy section: listeners, outbound connection settings and the policies
# attached to the dial and forward hooks.
proxy {
# TCP listen address
# ":3128" is declared with an empty body: no tls block, no transparent target.
port ":3128" {}
# ":3129" carries a tls block and is marked transparent for port 80 targets.
# NOTE(review): a tls block on the listener that handles port 80 (plain HTTP)
# targets looks unusual - confirm it is intended.
port ":3129" {
tls {
# NOTE(review): cert/key are the same testdata/ca.crt and testdata/ca.key
# files that the top-level ca block names, so the listener serves with the
# CA's own key pair. Fine for test fixtures; a real deployment would normally
# give each listener its own leaf certificate and keep the CA key separate.
# The role of `ca` here is not visible in this file - presumably the trust
# anchor for client certificates; confirm.
ca = "testdata/ca.crt"
cert = "testdata/ca.crt"
key = "testdata/ca.key"
}
# Transparent proxy for targets on port 80
transparent = 80
}
# ":3130" carries a tls block (no `ca` attribute, unlike ":3129") and is
# marked transparent for port 443 targets. Same CA key pair reuse as above.
port ":3130" {
tls {
cert = "testdata/ca.crt"
key = "testdata/ca.key"
}
# Transparent proxy for targets on port 443
transparent = 443
}
# TCP bind address for outgoing connections
#bind = "10.42.42.215"
# Interface for outgoing connections
#interface = "en1"
# Upstream proxies
# Empty list: no upstream proxy is configured.
upstream = []
# Policy hooks. Both hooks list the "bogons" and "childsafe" policies that are
# declared further down; the "intercept" policy is not referenced here.
# NOTE(review): presumably `dial` runs before an outbound connection is opened
# and `forward` before a request is relayed - confirm, and confirm that a
# policy which fails to load or evaluate results in a deny rather than an allow.
on {
dial = ["bogons", "childsafe"]
forward = ["bogons", "childsafe"]
}
}
# CA certificate and private key.
# NOTE(review): presumably the authority used to issue certificates for
# intercepted TLS connections - confirm. Both paths point into testdata/ and
# the same files are reused as listener certificates in the proxy section; a
# fixture key like this must never be added to a real client trust store, and
# a production key file should be readable only by the proxy's service account.
ca {
cert = "testdata/ca.crt"
key = "testdata/ca.key"
}
# Rego policy "intercept", loaded from the given path with package
# "styx.intercept".
# NOTE(review): this policy is not listed in the proxy section's dial/forward
# hooks; presumably it is consulted by name when deciding whether to intercept
# TLS - confirm where it is evaluated.
policy "intercept" {
path = "testdata/policy/styx/intercept.rego"
package = "styx.intercept"
}
# Rego policy "bogons", attached to both the dial and forward hooks in the
# proxy section.
# NOTE(review): unlike the other two policies, no `package` is given here -
# confirm which package name the loader falls back to, so the rules that are
# evaluated are the ones intended.
policy "bogons" {
path = "testdata/policy/styx/bogons.rego"
}
# Rego policy "childsafe" from the custom policy directory, package "custom".
# Attached to both the dial and forward hooks in the proxy section.
policy "childsafe" {
path = "testdata/policy/custom/childsafe.rego"
package = "custom"
}
# Data section: storage backend plus the named network and domain sets.
# NOTE(review): presumably these sets are what the Rego policies look up by
# name - confirm against the policy files.
data {
path = "testdata/match"
# Storage backend: bolt database file; a sqlite alternative is left
# commented out below.
storage {
type = "bolt"
path = "testdata/styx.bolt"
#type = "sqlite"
#path = "testdata/styx.db"
}
# Static list covering the IPv4 unspecified address, IPv4 loopback, IPv4
# link-local (169.254.0.0/16, which contains the 169.254.169.254 address used
# by cloud instance metadata services) and IPv6 link-local.
# NOTE(review): the IPv6 loopback (::1/128), the IPv6 unspecified address,
# IPv4-mapped IPv6 forms and the RFC 1918 / unique-local ranges are not in
# this list. If the "bogons" policy relies on this set to keep clients from
# reaching proxy-local or internal services, confirm those ranges are covered
# elsewhere and that the check is applied to the resolved address.
network "reserved" {
type = "list"
list = [
"0.0.0.0/32",
"127.0.0.0/8",
"169.254.0.0/16",
"fe80::/10",
]
}
# Single /24 client range.
# NOTE(review): presumably the source network that "childsafe" applies to -
# confirm. A policy keyed on source address is only as strong as the address
# assignment on that network; clients outside the range are not matched.
network "kids" {
type = "list"
list = ["10.42.66.0/24"]
}
# Banking, government and messaging domains.
# NOTE(review): presumably the set the "intercept" policy exempts from TLS
# interception - confirm against intercept.rego, and confirm whether an entry
# also matches its subdomains.
domain "sensitive" {
type = "list"
list = [
# Banking
"abnamro.nl",
"knab.nl",
"rabobank.nl",
# Government
"belastingdienst.nl",
"digid.nl",
# Messaging
"signal.org",
"telegram.org",
"whatsapp.net",
"whatsapp.com",
]
}
# Social media domains, grouped by service where a comment says so.
domain "social" {
type = "list"
list = [
"facebook.com",
"facebook.net",
"fbsbx.com",
"pinterest.com",
"reddit.com",
# TikTok
"isnssdk.com",
"musical.ly",
"musically.app.link",
"musically-alternate.app.link",
"musemuse.cn",
"sgsnssdk.com",
"tiktok.com",
"tiktok.org",
"tiktokcdn.com",
"tiktokcdn-eu.com",
"tiktokv.com",
# X
"twitter.com",
"x.com",
# YouTube
"googlevideo.com",
"youtube.com",
"youtu.be",
"ytimg.com",
]
}
# Declared but empty: matches nothing until entries are added.
domain "toxic" {
type = "list"
list = []
}
# Disabled examples of domain sets fetched from remote URLs.
# NOTE(review): before enabling either one, confirm the unit of `refresh` -
# 43200 is annotated as 12h (seconds), while the "ads" block uses 12 with no
# annotation. A remotely fetched list lets the list host decide what the proxy
# matches, so consider mirroring it and reviewing changes before they apply.
#domain "nsfw" {
# type = "domains"
# from = "https://energized.pro/nsfw/domains.txt"
# refresh = 43200 # 12h
#}
#
#domain "ads" {
# type = "detect"
# from = "https://small.oisd.nl/dnsmasq"
# refresh = 12
#}
}