diff --git a/nixos/roles/adguard.nix b/nixos/roles/adguard.nix index e1c5e4c..daaf1b0 100644 --- a/nixos/roles/adguard.nix +++ b/nixos/roles/adguard.nix @@ -1,7 +1,5 @@ { config, - lib, - pkgs, ... }: 
@@ -10,119 +8,126 @@ let adguardPort = 3000; in { - services.adguardhome = { - enable = true; - mutableSettings = true; - allowDHCP = true; + services = { + resolved.enable = false; + adguardhome = { + enable = true; + mutableSettings = true; + allowDHCP = true; - settings = { - http.address = "0.0.0.0:${toString adguardPort}"; + settings = { + http.address = "0.0.0.0:${toString adguardPort}"; - users = [ - { - name = "DerGrumpf"; - password = "$2a$10$EyuPHKxu0YZ9sXl4ZNMzRuvYCKWOeCobTkpXUJBhL14CCkWCY6FRm"; - } - ]; - - dns = { - bind_hosts = [ "0.0.0.0" ]; - port = 53; - upstream_dns = [ - "https://dns10.quad9.net/dns-query" - "https://dns.adguard-dns.com/dns-query" - "https://0ms.dev/dns-query" - "https://dns.cloudflare.com/dns-query" - "https://security.cloudflare-dns.com/dns-query" + users = [ + { + name = "DerGrumpf"; + password = "$2a$10$EyuPHKxu0YZ9sXl4ZNMzRuvYCKWOeCobTkpXUJBhL14CCkWCY6FRm"; + } ]; - bootstrap_dns = [ - "9.9.9.10" - "149.112.112.10" - ]; - fallback_dns = [ - "1.1.1.1" - "8.8.8.8" - ]; - upstream_mode = "load_balance"; - }; - dhcp = { - enabled = false; - interface_name = primaryInterface; - local_domain_name = "lan"; - dhcpv4 = { - gateway_ip = "192.168.2.1"; - subnet_mask = "255.255.255.0"; - range_start = "192.168.2.150"; - range_end = "192.168.2.200"; - lease_duration = 86400; - icmp_timeout_msec = 1000; + dns = { + bind_hosts = [ + "0.0.0.0" + "::" + ]; + port = 53; + upstream_dns = [ + "https://dns10.quad9.net/dns-query" + "https://dns.adguard-dns.com/dns-query" + "https://0ms.dev/dns-query" + "https://dns.cloudflare.com/dns-query" + "https://security.cloudflare-dns.com/dns-query" + ]; + bootstrap_dns = [ + "9.9.9.10" + "149.112.112.10" + ]; + fallback_dns = [ + "1.1.1.1" + "8.8.8.8" + ]; + upstream_mode = "load_balance"; }; - dhcpv6 = { - lease_duration = 86400; - ra_slaac_only = false; - ra_allow_slaac = false; + + dhcp = { + enabled = false; + interface_name = primaryInterface; + local_domain_name = "lan"; + dhcpv4 = { + gateway_ip = 
"192.168.2.1"; + subnet_mask = "255.255.255.0"; + range_start = "192.168.2.150"; + range_end = "192.168.2.200"; + lease_duration = 86400; + icmp_timeout_msec = 1000; + }; + dhcpv6 = { + range_start = "fdbb:959a:27ee::100"; + lease_duration = 86400; + ra_slaac_only = false; + ra_allow_slaac = false; + }; }; - }; - filters = [ - # --- existing --- - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"; - name = "AdGuard DNS filter"; - id = 1; - } - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"; - name = "AdAway Default Blocklist"; - id = 2; - } + filters = [ + # --- existing --- + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"; + name = "AdGuard DNS filter"; + id = 1; + } + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"; + name = "AdAway Default Blocklist"; + id = 2; + } - # --- malware & phishing --- - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt"; - name = "The Big List of Hacked Malware Web Sites"; - id = 3; - } - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"; - name = "Malicious URL Blocklist (URLhaus)"; - id = 4; - } + # --- malware & phishing --- + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt"; + name = "The Big List of Hacked Malware Web Sites"; + id = 3; + } + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"; + name = "Malicious URL Blocklist (URLhaus)"; + id = 4; + } - # --- telemetry --- - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt"; - name = "AWAvenue Ads Rule"; - id = 5; - } - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt"; - name = "HaGeZi's 
Windows/Office Tracker Blocklist"; - id = 6; - } + # --- telemetry --- + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt"; + name = "AWAvenue Ads Rule"; + id = 5; + } + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt"; + name = "HaGeZi's Windows/Office Tracker Blocklist"; + id = 6; + } - # --- Smart TV / IoT --- - { - enabled = true; - url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt"; - name = "HaGeZi's Smart TV Blocklist"; - id = 7; - } - ]; + # --- Smart TV / IoT --- + { + enabled = true; + url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt"; + name = "HaGeZi's Smart TV Blocklist"; + id = 7; + } + ]; - filtering = { - filtering_enabled = true; - protection_enabled = true; - safe_search.enabled = false; - parental_enabled = false; - safebrowsing_enabled = false; + filtering = { + filtering_enabled = true; + protection_enabled = true; + safe_search.enabled = false; + parental_enabled = false; + safebrowsing_enabled = false; + }; }; }; };
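Review bot: The resolver becomes reachable on every IPv6 address of the host once `"::"` is in `dns.bind_hosts`, and nothing visible in this hunk restricts who may query it. If the machine holds a globally routable IPv6 address, port 53 would be reachable from outside the LAN unless a firewall rule elsewhere in the configuration blocks it, leaving an open resolver that can be abused for amplification. Consider binding to the LAN or ULA address instead of the wildcard, or scoping the firewall to the LAN interface with `networking.firewall.interfaces.${primaryInterface}.allowedUDPPorts = [ 53 ];` plus the matching `allowedTCPPorts` line. Setting `dns.allowed_clients` to the local prefixes would add a second layer. Separately, the bcrypt hash under `users` is carried over unchanged, so it stays readable to anyone with access to the repository while `http.address` still listens on `0.0.0.0`; it is worth keeping the credential out of version control.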