chore(config): upgrade to gosettings v0.4.0

- drop qdm12/govalid dependency
- upgrade qdm12/ss-server to v0.6.0
- do not unset sensitive config settings (makes no sense to me)

internal/configuration/settings/dnsblacklist.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/qdm12/dns/pkg/blacklist"
 	"github.com/qdm12/gosettings"
+	"github.com/qdm12/gosettings/reader"
 	"github.com/qdm12/gotree"
 )
 
@@ -63,16 +64,6 @@ func (b DNSBlacklist) copy() (copied DNSBlacklist) {
 	}
 }
 
-func (b *DNSBlacklist) mergeWith(other DNSBlacklist) {
-	b.BlockMalicious = gosettings.MergeWithPointer(b.BlockMalicious, other.BlockMalicious)
-	b.BlockAds = gosettings.MergeWithPointer(b.BlockAds, other.BlockAds)
-	b.BlockSurveillance = gosettings.MergeWithPointer(b.BlockSurveillance, other.BlockSurveillance)
-	b.AllowedHosts = gosettings.MergeWithSlice(b.AllowedHosts, other.AllowedHosts)
-	b.AddBlockedHosts = gosettings.MergeWithSlice(b.AddBlockedHosts, other.AddBlockedHosts)
-	b.AddBlockedIPs = gosettings.MergeWithSlice(b.AddBlockedIPs, other.AddBlockedIPs)
-	b.AddBlockedIPPrefixes = gosettings.MergeWithSlice(b.AddBlockedIPPrefixes, other.AddBlockedIPPrefixes)
-}
-
 func (b *DNSBlacklist) overrideWith(other DNSBlacklist) {
 	b.BlockMalicious = gosettings.OverrideWithPointer(b.BlockMalicious, other.BlockMalicious)
 	b.BlockAds = gosettings.OverrideWithPointer(b.BlockAds, other.BlockAds)
@@ -136,3 +127,66 @@ func (b DNSBlacklist) toLinesNode() (node *gotree.Node) {
 
 	return node
 }
+
+func (b *DNSBlacklist) read(r *reader.Reader) (err error) {
+	b.BlockMalicious, err = r.BoolPtr("BLOCK_MALICIOUS")
+	if err != nil {
+		return err
+	}
+
+	b.BlockSurveillance, err = r.BoolPtr("BLOCK_SURVEILLANCE",
+		reader.RetroKeys("BLOCK_NSA"))
+	if err != nil {
+		return err
+	}
+
+	b.BlockAds, err = r.BoolPtr("BLOCK_ADS")
+	if err != nil {
+		return err
+	}
+
+	b.AddBlockedIPs, b.AddBlockedIPPrefixes,
+		err = readDoTPrivateAddresses(r) // TODO v4 split in 2
+	if err != nil {
+		return err
+	}
+
+	b.AllowedHosts = r.CSV("UNBLOCK") // TODO v4 change name
+
+	return nil
+}
+
+var (
+	ErrPrivateAddressNotValid = errors.New("private address is not a valid IP or CIDR range")
+)
+
+func readDoTPrivateAddresses(reader *reader.Reader) (ips []netip.Addr,
+	ipPrefixes []netip.Prefix, err error) {
+	privateAddresses := reader.CSV("DOT_PRIVATE_ADDRESS")
+	if len(privateAddresses) == 0 {
+		return nil, nil, nil
+	}
+
+	ips = make([]netip.Addr, 0, len(privateAddresses))
+	ipPrefixes = make([]netip.Prefix, 0, len(privateAddresses))
+
+	for _, privateAddress := range privateAddresses {
+		ip, err := netip.ParseAddr(privateAddress)
+		if err == nil {
+			ips = append(ips, ip)
+			continue
+		}
+
+		ipPrefix, err := netip.ParsePrefix(privateAddress)
+		if err == nil {
+			ipPrefixes = append(ipPrefixes, ipPrefix)
+			continue
+		}
+
+		return nil, nil, fmt.Errorf(
+			"environment variable DOT_PRIVATE_ADDRESS: %w: %s",
+			ErrPrivateAddressNotValid, privateAddress)
+	}
+
+	return ips, ipPrefixes, nil
+}