update adguard

2024-06-09 14:33:58 +02:00
parent 73858519c6
commit 93d52bc878
2 changed files with 145 additions and 129 deletions
--- a/modules/services/adguard.nix
+++ b/modules/services/adguard.nix
@@ -1,16 +1,23 @@
-{ config, pkgs, inputs, lib , ... }:
-with lib;
-let
-  cfg = config.custom.services.adguard;
-in
-{
+{ config, pkgs, inputs, lib, ... }:
+let cfg = config.custom.services.adguard;
+in {
  options.custom.services.adguard = {
-    enable = mkEnableOption "Enables adguard";
+    enable = lib.mkEnableOption "Enables adguard";
    ip = lib.mkOption {
-        type = types.str;
+      type = lib.types.str;
      default = config.custom.static-ip.ip;
      description = "this servers ipv4 address";
    };
+    fqdn = lib.mkOption {
+      type = lib.types.str;
+      default = "adguard.home.arpa";
+      description = "fqdn for the adguard instance";
+    };
+    useHttps = lib.mkOption {
+      type = lib.types.bool;
+      default = lib.true;
+      description = "use https for the adguard instance";
+    };
  };
  config = let
    ip = cfg.ip;
@@ -19,16 +26,30 @@ in
    networking.firewall.allowedTCPPorts = [ 53 ];
    networking.firewall.allowedUDPPorts = [ 53 ];

+    security.acme.certs."${cfg.fqdn}".server =
+      "https://127.0.0.1:8443/acme/acme/directory";
+    # nginx reverse proxy
+    services.nginx.virtualHosts.${cfg.fqdn} = {
+      forceSSL = cfg.useHttps;
+      enableACME = cfg.useHttps;
+      quic = cfg.useHttps;
+      http3 = cfg.useHttps;
+      locations."/" = {
+        proxyPass =
+          "http://127.0.0.1:${toString config.services.adguardhome.port}";
+        proxyWebsockets = true;
+      };
+    };
+
    services.adguardhome = {
      enable = true;
      settings = {
        schema_version = 20;
-      users = [
-        {
+        users = [{
          name = "admin";
-          password = "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
-        }
-      ];
+          password =
+            "$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
+        }];
        dns = {
          bind_hosts = [ "127.0.0.1" ip wireguardIp ];
          port = 53;
@@ -104,19 +125,19 @@ in
            }
          ];
        };
-      querylog = {
-        enabled = false;
-      };
+        querylog = { enabled = false; };
        filters = [
          {
            enabled = true;
-          url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
+            url =
+              "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
            name = "adguard dns list";
            id = 1;
          }
          {
            enabled = true;
-          url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
+            url =
+              "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
            name = "adguard block list";
            id = 2;
          }
@@ -129,10 +150,8 @@ in
        ];
        dhcp = { enabled = false; };
        dhcpv6 = { enabled = false; };
-      tls = {
-        enabled = true;
+        tls = { enabled = true; };
      };
    };
  };
-};
 }
--- a/modules/services/nginx.nix
+++ b/modules/services/nginx.nix
@@ -110,9 +110,6 @@ in {
            proxyPass = "http://127.0.0.1:8081";
          };
        };
-        "adguard.home.arpa" = {
-          locations."/".proxyPass = "http://127.0.0.1:3000";
-        };
      };
    };
  };