kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
Kopatz
2025-03-18 16:27:20 +01:00
parent 923ab37209
commit cc32af7b80
131 changed files with 2383 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

284
modules/services/adguard.nix
View File

@@ -19,157 +19,159 @@ in {
description = "use https for the adguard instance";
};
};
config = let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
config =
let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
security.acme.certs."${cfg.fqdn}".server =
"https://127.0.0.1:8443/acme/kop-acme/directory";
# nginx reverse proxy
services.nginx.virtualHosts.${cfg.fqdn} = {
forceSSL = cfg.useHttps;
enableACME = cfg.useHttps;
quic = cfg.useHttps;
http3 = cfg.useHttps;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyWebsockets = true;
};
};
systemd.services.adguardhome = {
after = [ "nginx.service" "step-ca.service" ];
};
services.adguardhome = {
enable = true;
settings = {
schema_version = 28;
users = [{
name = "admin";
password =
"$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}];
dns = {
bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://dns.adguard-dns.com/dns-query"
];
use_http3_upstreams = true;
security.acme.certs."${cfg.fqdn}".server =
"https://127.0.0.1:8443/acme/kop-acme/directory";
# nginx reverse proxy
services.nginx.virtualHosts.${cfg.fqdn} = {
forceSSL = cfg.useHttps;
enableACME = cfg.useHttps;
quic = cfg.useHttps;
http3 = cfg.useHttps;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyWebsockets = true;
};
querylog = { enabled = false; };
filters = [
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "adguard dns list";
id = 1;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "adguard block list";
id = 2;
}
{
enabled = true;
url = "https://dbl.oisd.nl/";
name = "big block list";
id = 3;
}
];
dhcp = { enabled = false; };
tls = { enabled = false; };
filtering = {
rewrites = [
};
systemd.services.adguardhome = {
after = [ "nginx.service" "step-ca.service" ];
};
services.adguardhome = {
enable = true;
settings = {
schema_version = 28;
users = [{
name = "admin";
password =
"$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}];
dns = {
bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://dns.adguard-dns.com/dns-query"
];
use_http3_upstreams = true;
};
querylog = { enabled = false; };
filters = [
{
"domain" = "kopatz.ddns.net";
"answer" = ip;
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "adguard dns list";
id = 1;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "adguard block list";
id = 2;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
enabled = true;
url = "https://dbl.oisd.nl/";
name = "big block list";
id = 3;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}
];
dhcp = { enabled = false; };
tls = { enabled = false; };
filtering = {
rewrites = [
{
"domain" = "kopatz.ddns.net";
"answer" = ip;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}
];
};
};
};
};
};
}