diff --git a/home/scripts/dns/dnsblock-norestart.sh b/home/scripts/dns/dnsblock-norestart.sh
new file mode 100755
index 0000000..a74f0a0
--- /dev/null
+++ b/home/scripts/dns/dnsblock-norestart.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+OP=${1:-}; DOMAIN=${2:-}
+[[ $OP =~ ^(on|off)$ && -n $DOMAIN ]] || {
+    echo "usage: dnsblock on|off <domain>"; exit 1; }
+
+FILE="/var/lib/dnsmasq/conf.d/block-$DOMAIN.conf"
+
+if [[ $OP == on ]]; then
+    sudo tee "$FILE" >/dev/null <<EOF
+address=/${DOMAIN}/0.0.0.0
+address=/${DOMAIN}/::
+EOF
+else
+    sudo rm -f "$FILE"
+fi
diff --git a/home/scripts/dns/dnsblock.sh b/home/scripts/dns/dnsblock.sh
new file mode 100755
index 0000000..2ee8f71
--- /dev/null
+++ b/home/scripts/dns/dnsblock.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+OP=${1:-}; DOMAIN=${2:-}
+[[ $OP =~ ^(on|off)$ && -n $DOMAIN ]] || {
+    echo "usage: dnsblock on|off <domain>"; exit 1; }
+
+FILE="/var/lib/dnsmasq/conf.d/block-$DOMAIN.conf"
+
+if [[ $OP == on ]]; then
+    sudo tee "$FILE" >/dev/null <<EOF
+address=/${DOMAIN}/0.0.0.0
+address=/${DOMAIN}/::
+EOF
+else
+    sudo rm -f "$FILE"
+fi
+
+sudo systemctl restart dnsmasq
+# sudo systemctl reload dnsmasq
diff --git a/system/networking/blockers.sh b/system/networking/blockers.sh
new file mode 100644
index 0000000..efdeb99
--- /dev/null
+++ b/system/networking/blockers.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+websites=("www.reddit.com" "reddit.com" "www.youtube.com" "youtube.com" "www.instagram.com" "instagram.com" "www.facebook.com" "facebook.com" "www.craigslist.org" "craigslist.org" "www.ebay.com" "ebay.com" "www.monkeytype.com" "monkeytype.com" "www.typeracer.com" "typeracer.com" "www.twitter.com" "twitter.com" "www.linkedin.com" "linkedin.com" "tinder.com")
+
+for website in ${websites[@]}; do
+    grep -v "$website" /etc/hosts > "$tempHosts"
+    mv "$tempHosts" /etc/hosts
+done
diff --git a/system/networking/default.nix b/system/networking/default.nix
index ad63f65..4d4cc93 100644
--- a/system/networking/default.nix
+++ b/system/networking/default.nix
@@ -12,12 +12,23 @@
       "127.0.0.1" = ["localhost"];
     };
 
-    networkmanager.enable = true;
+    networkmanager = {
+      enable = true;
+      # dispatcherScripts = [
+      # {
+      # source = ./blockers.sh;
+      # type = "basic";
+      # }
+      # ];
+    };
 
     # interfaces = {
     # enp0s31f6 = {};
     # wlp4s0 = {};
     # };
+
+    # ensures wireless is wlan0, eth is eth0;
+    # predictable interfaces is kinda sussy innit?
     usePredictableInterfaceNames = false;
   };
 }
diff --git a/system/services/dnsmasq/default.nix b/system/services/dnsmasq/default.nix
index 736f769..b5ed4a2 100644
--- a/system/services/dnsmasq/default.nix
+++ b/system/services/dnsmasq/default.nix
@@ -1,8 +1,13 @@
 {
   config,
   pkgs,
+  lib,
   ...
 }: {
+  system.activationScripts.dnsmasqConfd = lib.stringAfter ["var"] ''
+    mkdir -p /var/lib/dnsmasq/conf.d
+  '';
+
   services.dnsmasq = {
     enable = true;
     resolveLocalQueries = true;