❄️ Nix configurations
feat: add adguard-home
+54
+54
modules/nixos/server/adguard-home.nix
+54
modules/nixos/server/adguard-home.nix
···
1
+
{ pkgs, config, ... }:
2
+
3
+
{
4
+
services.adguardhome = {
5
+
enable = true;
6
+
7
+
host = "127.0.0.1";
8
+
port = 43000;
9
+
settings = {
10
+
theme = "dark";
11
+
dns = {
12
+
upstream_dns = [
13
+
"https://dns10.quad9.net/dns-query"
14
+
"9.9.9.9#dns.quad9.net"
15
+
"149.112.112.112#dns.quad9.net"
16
+
];
17
+
};
18
+
filtering = {
19
+
protection_enabled = true;
20
+
filtering_enabled = true;
21
+
22
+
parental_enabled = false;
23
+
safe_search = {
24
+
enabled = false;
25
+
};
26
+
};
27
+
filters = map(url: { enabled = true; url = url; }) [
28
+
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard DNS filter
29
+
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
30
+
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # Malicious URL Blocklist (URLHaus)
31
+
];
32
+
};
33
+
};
34
+
35
+
# might prevent podman from pulling images
36
+
services.resolved.enable = false;
37
+
networking.firewall.allowedTCPPorts = [ 53 3000 ];
38
+
networking.firewall.allowedUDPPorts = [ 53 ];
39
+
40
+
services.traefik.dynamicConfigOptions.http = {
41
+
routers = {
42
+
adguardhome = {
43
+
entryPoints = ["websecure"];
44
+
service = "adguardhome";
45
+
rule = "Host(`dns.otter.place`)";
46
+
tls.certResolver = "letsencrypt";
47
+
};
48
+
};
49
+
50
+
services = {
51
+
pihole.loadBalancer.servers = [{url = "http://localhost:43000";}];
52
+
};
53
+
};
54
+
}