❄️ Nix configurations
feat: enable doh
+11
-2
+11
-2
modules/nixos/server/adguard-home.nix
+11
-2
modules/nixos/server/adguard-home.nix
···
8
8
port = 43000;
9
9
settings = {
10
10
theme = "dark";
11
+
11
12
dns = {
12
13
upstream_dns = [
13
14
"https://dns10.quad9.net/dns-query"
···
15
16
"149.112.112.112#dns.quad9.net"
16
17
];
17
18
};
19
+
20
+
tls = {
21
+
enabled = true;
22
+
server_name: "dns.otter.place";
23
+
allow_unencrypted_doh = true;
24
+
};
25
+
18
26
filtering = {
19
27
protection_enabled = true;
20
28
filtering_enabled = true;
···
24
32
enabled = false;
25
33
};
26
34
};
35
+
27
36
filters = map(url: { enabled = true; url = url; }) [
28
37
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard DNS filter
29
38
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
···
34
43
35
44
# might prevent podman from pulling images
36
45
services.resolved.enable = false;
37
-
networking.firewall.allowedTCPPorts = [ 53 3000 ];
38
-
networking.firewall.allowedUDPPorts = [ 53 ];
46
+
networking.firewall.allowedTCPPorts = [ 53 853 ];
47
+
networking.firewall.allowedUDPPorts = [ 53 853 ];
39
48
40
49
services.traefik.dynamicConfigOptions.http = {
41
50
routers = {