kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format all

Browse Source
This commit is contained in:
Kopatz
2025-10-30 21:59:31 +01:00
parent b1dda4d037
commit 8a78e618bb
188 changed files with 3526 additions and 1825 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
modules/services/adguard.nix
View File

@@ -1,8 +1,16 @@
{ config, pkgs, inputs, lib, ... }:
let cfg = config.custom.services.adguard;
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in {
{
config,
pkgs,
inputs,
lib,
...
}:
let
cfg = config.custom.services.adguard;
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in
{
options.custom.services.adguard = {
enable = lib.mkEnableOption "Enables adguard";
ip = lib.mkOption {
@@ -27,94 +35,96 @@ in {
};
rewrites = lib.mkOption {
type = lib.types.listOf (lib.types.attrsOf lib.types.str);
default = [ {
"domain" = "kopatz.ddns.net";
"answer" = ip;
}
{
"domain" = "kopatz.dev";
"answer" = ip;
}
{
"domain" = "kavita.kopatz.dev";
"answer" = ip;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
}
{
"domain" = "kop.bobin.at";
"answer" = ip;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}];
default = [
{
"domain" = "kopatz.ddns.net";
"answer" = ip;
}
{
"domain" = "kopatz.dev";
"answer" = ip;
}
{
"domain" = "kavita.kopatz.dev";
"answer" = ip;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
}
{
"domain" = "kop.bobin.at";
"answer" = ip;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}
];
description = "list of domains to rewrite to this server's ip";
};
};
@@ -134,33 +144,40 @@ in {
forceSSL = cfg.useHttps;
enableACME = cfg.useHttps;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyPass = "http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyWebsockets = true;
};
};
systemd.services.adguardhome = {
after = [ "nginx.service" "step-ca.service" ];
after = [
"nginx.service"
"step-ca.service"
];
};
services.adguardhome = {
enable = true;
settings = {
schema_version = 28;
users = [{
name = "admin";
password =
"$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}];
users = [
{
name = "admin";
password = "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}
];
dns = {
bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
bind_hosts = [
"127.0.0.1"
ip
]
++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
upstream_dns = [
#"https://dns10.quad9.net/dns-query" slow
#"https://dns10.quad9.net/dns-query" slow
"quic://dns.adguard-dns.com"
#"tls://noads.libredns.gr" slow
#"tls://noads.libredns.gr" slow
"https://noads.joindns4.eu/dns-query"
"tls://getdnsapi.net"
];
@@ -170,19 +187,19 @@ in {
];
use_http3_upstreams = true;
};
querylog = { enabled = false; };
querylog = {
enabled = false;
};
filters = [
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "adguard dns list";
id = 1;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "adguard block list";
id = 2;
}
@@ -199,12 +216,16 @@ in {
enabled = true;
url = pkgs.writeText "adguard-whitelist.txt" ''
@@|pool.supportxmr.com^
'';
'';
name = "adguard whitelist";
}
];
dhcp = { enabled = false; };
tls = { enabled = false; };
dhcp = {
enabled = false;
};
tls = {
enabled = false;
};
filtering = {
rewrites = cfg.rewrites;
};