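# AdGuard Home DNS filter for the services VLAN.
#
# DNS (port 53) is served on the service's own addresses in the services VLAN.
# The web UI (port 3000) listens on every address and relies on the firewall
# for access control.
{
  config,
  lib,
  globals,
  ...
}:
{
  # Project-local WireGuard module: this host is a client via "nucnix", and the
  # only rule written here for the web UI port is for the nucnix-nginx node.
  # NOTE(review): presumably nucnix-nginx is the reverse proxy that fronts the
  # UI. Confirm that it enforces authentication, since no AdGuard Home users
  # are declared in this file.
  wireguard.services = {
    client.via = "nucnix";
    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ config.services.adguardhome.port ];
  };

  services.adguardhome = {
    enable = true;
    # Declarative only: changes made in the web UI do not survive a restart.
    mutableSettings = false;
    # The UI binds to all addresses. Port 3000 is not in
    # networking.firewall.allowedTCPPorts below, so reachability depends
    # entirely on the firewall staying enabled and on the WireGuard rule above.
    # NOTE(review): binding to the WireGuard address instead would remove that
    # dependency.
    host = "0.0.0.0";
    port = 3000;

    settings = {
      dns = {
        # Listen only on this service's IPv4/IPv6 addresses in the services VLAN.
        bind_hosts = [
          (lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4)
          (lib.net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv6)
        ];
        # Full client addresses are kept in the query log and statistics.
        anonymize_client_ip = false;
        # Per-client rate limit. AdGuard Home reads this key from the dns
        # section. It was previously set directly under settings, which has no
        # such key, so the intended value was not applied.
        ratelimit = 60;
        # Upstream resolution goes over DNS-over-HTTPS only.
        upstream_dns = [
          "https://dns.google/dns-query"
          "https://dns.quad9.net/dns-query"
          "https://dns.cloudflare.com/dns-query"
          "https://doh.mullvad.net/dns-query"
        ];
        # Plain DNS, used only to resolve the DoH hostnames above. A tampered
        # answer here cannot pass the upstream's TLS certificate check, so the
        # exposure is lookup metadata and availability rather than forged records.
        bootstrap_dns = [
          "1.0.0.1"
          "2606:4700:4700::1111"
          "8.8.8.8"
          "2001:4860:4860::8844"
        ];
      };

      # Split-horizon rewrites: internal names are answered with internal
      # addresses instead of being forwarded upstream.
      user_rules = [
        "||homematic.${globals.domains.web}^$dnsrewrite=${lib.net.cidr.host 30 globals.net.vlans.home.cidrv4}"
        "||testberry.${globals.domains.web}^$dnsrewrite=${lib.net.cidr.host 31 globals.net.vlans.home.cidrv4}"
        "||${globals.services.samba.domain}^$dnsrewrite=${lib.net.cidr.host globals.services.samba.ip globals.net.vlans.home.cidrv4}"
        "||${globals.domains.web}^$dnsrewrite=${lib.net.cidr.host 1 globals.net.vlans.services.cidrv4}"
        # Hard-coded subnet rather than a value from globals.
        "||fritz.box^$dnsrewrite=${lib.net.cidr.host 1 "10.99.2.0/24"}"
      ];

      dhcp.enabled = false;

      # Third-party blocklists fetched over HTTPS. Whoever controls these URLs
      # decides which names this resolver blocks.
      filters = [
        {
          name = "AdGuard DNS filter";
          url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
          enabled = true;
        }
        {
          name = "AdaAway Default Blocklist";
          url = "https://adaway.org/hosts.txt";
          enabled = true;
        }
        {
          name = "OISD (Big)";
          url = "https://big.oisd.nl";
          enabled = true;
        }
      ];
    };
  };

  # Port 53 is opened without an interface restriction; the listener itself is
  # limited to the services VLAN addresses by dns.bind_hosts above.
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };

  # Keep AdGuard Home's state directory across reboots, owner-only. With
  # anonymize_client_ip = false, any query log stored here contains client
  # addresses.
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/private/AdGuardHome";
      mode = "0700";
    }
  ];
}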