diff --git a/modules/graphical/code.nix b/modules/graphical/code.nix
index 45120c7..0203afb 100644
--- a/modules/graphical/code.nix
+++ b/modules/graphical/code.nix
@@ -14,7 +14,7 @@ in
 documentation.dev.enable = true;
 environment.systemPackages = with pkgs; [
 man-pages
- stable.jetbrains.idea-ultimate
+ jetbrains.idea-ultimate
 typescript
 insomnia
 nodejs_22 # needed for tabby extension
diff --git a/modules/nix/settings.nix b/modules/nix/settings.nix
index 2a47d1e..591a80b 100644
--- a/modules/nix/settings.nix
+++ b/modules/nix/settings.nix
@@ -20,7 +20,7 @@ in nix = { optimise.automatic = cfg.optimise;
- settings.experimental-features = [ "nix-command" "flakes" ];
+ settings.experimental-features = [ "nix-command" "flakes" "pipe-operators" ];
 # not used #settings.substituters = # lib.mkIf (config.networking.hostName == "kop-pc")
diff --git a/modules/services/adguard.nix b/modules/services/adguard.nix
index 1832217..d5a7cf5 100644
--- a/modules/services/adguard.nix
+++ b/modules/services/adguard.nix
@@ -1,5 +1,7 @@
 { config, pkgs, inputs, lib, ... }:
 let cfg = config.custom.services.adguard;
+ ip = cfg.ip;
+ wireguardIp = config.custom.services.wireguard.ip;
 in {
 options.custom.services.adguard = {
 enable = lib.mkEnableOption "Enables adguard";
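Review bot: Adding `pipe-operators` to `settings.experimental-features` does not cover the evaluation that installs it: the `|>` added to systems/pc/configuration.nix (hunk @@ -235) is parsed by the Nix that runs `nixos-rebuild`, and that Nix reads the currently active nix.conf, so on a host that has not yet activated this generation the rebuild fails to parse the file before the new setting can take effect. The same applies to any CI or remote evaluation that uses its own nix.conf. Worth a comment next to the list, e.g. `# pipe-operators: needed to parse |> in systems/pc/configuration.nix; on a host without it, pass --extra-experimental-features pipe-operators for the first switch`. As with any experimental feature, the syntax is not covered by Nix's stability guarantees, which is another reason to keep the note.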
@@ -23,87 +25,9 @@ in { default = "https://127.0.0.1:8443/acme/kop-acme/directory"; description = "acme url for the adguard instance"; }; - }; - config = - let - ip = cfg.ip; - wireguardIp = config.custom.services.wireguard.ip; - in - lib.mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 53 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; - - security.acme.certs."${cfg.fqdn}".server = cfg.acme-url; - # nginx reverse proxy - services.nginx.enable = true; - services.nginx.virtualHosts.${cfg.fqdn} = { - forceSSL = cfg.useHttps; - enableACME = cfg.useHttps; - locations."/" = { - proxyPass = - "http://127.0.0.1:${toString config.services.adguardhome.port}"; - proxyWebsockets = true; - }; - }; - systemd.services.adguardhome = { - after = [ "nginx.service" "step-ca.service" ]; - }; - - services.adguardhome = { - enable = true; - settings = { - schema_version = 28; - users = [{ - name = "admin"; - password = - "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W"; - }]; - dns = { - bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ]; - port = 53; - protection_enabled = true; - filtering_enabled = true; - upstream_dns = [ - #"https://dns10.quad9.net/dns-query" slow - "quic://dns.adguard-dns.com" - #"tls://noads.libredns.gr" slow - "https://noads.joindns4.eu/dns-query" - "tls://getdnsapi.net" - ]; - fallback_dns = [ - "1.1.1.1" - "1.0.0.1" - ]; - use_http3_upstreams = true; - }; - querylog = { enabled = false; }; - filters = [ - { - enabled = true; - url = - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"; - name = "adguard dns list"; - id = 1; - } - { - enabled = true; - url = - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"; - name = "adguard block list"; - id = 2; - } - { - enabled = true; - url = "https://dbl.oisd.nl/"; - name = "big block list"; - id = 3; - } - ]; - dhcp = { enabled = false; }; - tls = { enabled = false; }; - filtering = { - 
rewrites = [ - { + rewrites = lib.mkOption { + type = lib.types.listOf (lib.types.attrsOf lib.types.str); + default = [ { "domain" = "kopatz.ddns.net"; "answer" = ip; } 
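Review bot: `lib.types.listOf (lib.types.attrsOf lib.types.str)` accepts any string-keyed attrset, so an entry that misspells `domain` or `answer` passes the option type and only fails later, inside the `x.answer`/`x.domain` access in systems/pc/configuration.nix, with an error far from the definition; a submodule with two required `str` options gives the check at the definition site and documents the shape. The description `list of domains to rewrite to this server's ip` is also inaccurate, since the default already contains entries answering with other addresses (e.g. `inverter.home.arpa` → `192.168.0.9`); something like `DNS rewrites served by this instance; each entry maps a domain to the address in its answer` matches the data. Note too that a `default` is discarded as soon as any module defines the option, so a host that adds one rewrite loses this whole list — if appending is the intent, the entries belong in a `config` definition, where `listOf` definitions merge. The enclosing `options` attrset starts before this hunk.
```nix
rewrites = lib.mkOption {
  type = lib.types.listOf (lib.types.submodule {
    options = {
      domain = lib.mkOption { type = lib.types.str; description = "name to rewrite"; };
      answer = lib.mkOption { type = lib.types.str; description = "address returned for the domain"; };
    };
  });
  # … unchanged: default list, description …
};
```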
@@ -190,8 +114,89 @@ in { { "domain" = "inverter.home.arpa"; "answer" = "192.168.0.9"; - } + }]; + description = "list of domains to rewrite to this server's ip"; + }; + }; + config = + #let + # ip = cfg.ip; + # wireguardIp = config.custom.services.wireguard.ip; + #in + lib.mkIf cfg.enable { + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + + security.acme.certs."${cfg.fqdn}".server = cfg.acme-url; + # nginx reverse proxy + services.nginx.enable = true; + services.nginx.virtualHosts.${cfg.fqdn} = { + forceSSL = cfg.useHttps; + enableACME = cfg.useHttps; + locations."/" = { + proxyPass = + "http://127.0.0.1:${toString config.services.adguardhome.port}"; + proxyWebsockets = true; + }; + }; + systemd.services.adguardhome = { + after = [ "nginx.service" "step-ca.service" ]; + }; + + services.adguardhome = { + enable = true; + settings = { + schema_version = 28; + users = [{ + name = "admin"; + password = + "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W"; + }]; + dns = { + bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ]; + port = 53; + protection_enabled = true; + filtering_enabled = true; + upstream_dns = [ + #"https://dns10.quad9.net/dns-query" slow + "quic://dns.adguard-dns.com" + #"tls://noads.libredns.gr" slow + "https://noads.joindns4.eu/dns-query" + "tls://getdnsapi.net" ]; + fallback_dns = [ + "1.1.1.1" + "1.0.0.1" + ]; + use_http3_upstreams = true; + }; + querylog = { enabled = false; }; + filters = [ + { + enabled = true; + url = + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"; + name = "adguard dns list"; + id = 1; + } + { + enabled = true; + url = + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"; + name = "adguard block list"; + id = 2; + } + { + enabled = true; + url = "https://dbl.oisd.nl/"; + name = "big block list"; + id = 3; + } + ]; + dhcp = { enabled = false; }; + tls = { enabled = 
false; };
+ filtering = {
+ rewrites = cfg.rewrites; }; }; };
diff --git a/systems/pc/configuration.nix b/systems/pc/configuration.nix
index 4fe503b..006decb 100644
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -42,7 +42,7 @@
 #gateway = "192.168.0.10";
 };
 misc = { docker.enable = true; };
- services = { syncthing = { enable = true; }; };
+ services = { syncthing = { enable = true; }; adguard.ip = "192.168.0.10"; };
 hardware = {
 android.enable = true;
 amd-gpu = {
@@ -235,6 +235,18 @@
 '' ];
+ networking.hosts = let
+ addr_to_domain_list = config.custom.services.adguard.rewrites |> map (x: { "${x.answer}" = [ x.domain ];} );
+ flattened = builtins.foldl' (acc: elem:
+ let
+ ip = builtins.head (builtins.attrNames elem);
+ names = elem.${ip};
+ in acc // {
+ ${ip} = (acc.${ip} or []) ++ names;
+ }
+ ) {} addr_to_domain_list;
+ in flattened;
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
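Review bot: The commented-out `#let … #in` block at the top of `config =` is dead text now that `ip` and `wireguardIp` are bound in the file-level `let` (hunk @@ -1,5); drop those four lines rather than keep a second copy of the binding in a comment. The rest of this hunk is a move of the existing `lib.mkIf cfg.enable { … }` body, so the one thing worth recording while it is touched is that the `users` entry carries a bcrypt password hash inline in the repository; whether that is acceptable depends on the repository's visibility, and if not, the hash should come from a secret file outside the tree, with a comment such as `# admin login hash — keep out of the repo if this tree is shared` marking the line.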
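Review bot: The fold under `networking.hosts` re-implements a grouping nixpkgs already provides: `networking.hosts = lib.zipAttrs (map (x: { ${x.answer} = x.domain; }) config.custom.services.adguard.rewrites);` produces the same `{ address = [ domains… ]; }` attrset in one line, without `|>` and therefore without the `pipe-operators` requirement added in modules/nix/settings.nix (assuming `lib` is in this file's argument set; the function head is outside the hunk). Two facts deserve a comment here: reading `rewrites` forces its default, which embeds `custom.services.adguard.ip`, so this host must set `adguard.ip` (hunk @@ -42 does) even though adguard is not enabled on it — presumably the reason for that change; and entries whose `domain` is an AdGuard wildcard pattern would be copied into /etc/hosts verbatim, where they match nothing, so such entries would need filtering out before the map if they are ever added. Suggested: `# local copy of the adguard rewrites as address -> [ domains ]; the option's default needs custom.services.adguard.ip, set above`.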