nix-config/modules/services/adguardhome.nix

{
  config,
  lib,
  ...
}: {
  services.adguardhome = {
    enable = true;
    mutableSettings = false;
    openFirewall = true; # opens webinterface firewall
    settings = {
      bind_port = 3000;
      bind_host = "0.0.0.0";
      dns = {
        bind_hosts = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnet)];
        anonymize_client_ip = false;
        upstream_dns = [
          "1.0.0.1"
          "2606:4700:4700::1111"
          "8.8.8.8"
          "2001:4860:4860::8844"
        ];
        bootstrap_dns = [
          "1.0.0.1"
          "2606:4700:4700::1111"
          "8.8.8.8"
          "2001:4860:4860::8844"
        ];
      };
      user_rules = [
        "||adguardhome.${config.secrets.secrets.global.domains.web}^$dnsrewrite=${lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnet}"
        "||nc.${config.secrets.secrets.global.domains.web}^$dnsrewrite=${lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnet}"
        "||fritz.box^$dnsrewrite=${lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnet}"
      ];
      dhcp.enabled = false;
      ratelimit = 60;
      users = [
        {
          name = "patrick";
          password = "$2y$10$cmdb7U/qbtUvrcFeKQvr6.BPrm/UwCiP.gBW2jG0Aq24hnzd2co4m";
        }
      ];
      filters = [
        {
          name = "AdGuard DNS filter";
          url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
          enabled = true;
        }
        {
          name = "AdaAway Default Blocklist";
          url = "https://adaway.org/hosts.txt";
          enabled = true;
        }
        {
          name = "OISD (Big)";
          url = "https://big.oisd.nl";
          enabled = true;
        }
      ];
    };
  };
  networking.firewall = {
    allowedTCPPorts = [53];
    allowedUDPPorts = [53];
  };
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/private/AdGuardHome";
      mode = "0700";
    }
  ];
}
feat: gitea config 2024-01-12 15:47:43 +01:00			`{`
			`config,`
			`lib,`
			`...`
			`}: {`
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server 2024-01-11 22:42:03 +01:00			`services.adguardhome = {`
			`enable = true;`
			`mutableSettings = false;`
			`openFirewall = true; # opens webinterface firewall`
			`settings = {`
			`bind_port = 3000;`
			`bind_host = "0.0.0.0";`
			`dns = {`
feat: ddclient container 2024-01-13 19:23:51 +01:00			`bind_hosts = [(lib.net.cidr.host config.secrets.secrets.global.net.ips.${config.node.name} config.secrets.secrets.global.net.privateSubnet)];`
final setup elisabeth 2024-01-14 02:20:01 +01:00			`anonymize_client_ip = false;`
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server 2024-01-11 22:42:03 +01:00			`upstream_dns = [`
			`"1.0.0.1"`
			`"2606:4700:4700::1111"`
			`"8.8.8.8"`
			`"2001:4860:4860::8844"`
			`];`
			`bootstrap_dns = [`
			`"1.0.0.1"`
			`"2606:4700:4700::1111"`
			`"8.8.8.8"`
			`"2001:4860:4860::8844"`
			`];`
			`};`
feat: gitea config 2024-01-12 15:47:43 +01:00			`user_rules = [`
final setup elisabeth 2024-01-14 02:20:01 +01:00			`"\|\|adguardhome.${config.secrets.secrets.global.domains.web}^$dnsrewrite=${lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnet}"`
fix: update fucked shit 2024-01-15 20:46:53 +01:00			`"\|\|nc.${config.secrets.secrets.global.domains.web}^$dnsrewrite=${lib.net.cidr.host config.secrets.secrets.global.net.ips.elisabeth config.secrets.secrets.global.net.privateSubnet}"`
final setup elisabeth 2024-01-14 02:20:01 +01:00			`"\|\|fritz.box^$dnsrewrite=${lib.net.cidr.host 1 config.secrets.secrets.global.net.privateSubnet}"`
feat: gitea config 2024-01-12 15:47:43 +01:00			`];`
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server 2024-01-11 22:42:03 +01:00			`dhcp.enabled = false;`
			`ratelimit = 60;`
			`users = [`
			`{`
			`name = "patrick";`
feat: ddclient container 2024-01-13 19:23:51 +01:00			`password = "$2y$10$cmdb7U/qbtUvrcFeKQvr6.BPrm/UwCiP.gBW2jG0Aq24hnzd2co4m";`
feat: adguard home feat: implement extra module containers feat: final smb confi feat: final nextcloud confi feat: rework networks ip feat: move acme and ddclient to server 2024-01-11 22:42:03 +01:00			`}`
			`];`
			`filters = [`
			`{`
			`name = "AdGuard DNS filter";`
			`url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";`
			`enabled = true;`
			`}`
			`{`
			`name = "AdaAway Default Blocklist";`
			`url = "https://adaway.org/hosts.txt";`
			`enabled = true;`
			`}`
			`{`
			`name = "OISD (Big)";`
			`url = "https://big.oisd.nl";`
			`enabled = true;`
			`}`
			`];`
			`};`
			`};`
			`networking.firewall = {`
			`allowedTCPPorts = [53];`
			`allowedUDPPorts = [53];`
			`};`
			`environment.persistence."/persist".directories = [`
			`{`
			`directory = "/var/lib/private/AdGuardHome";`
			`mode = "0700";`
			`}`
			`];`
			`}`