DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AdGuard: Migrated Docker config to nix

Browse Source
This commit is contained in:
DerGrumpf
2026-04-11 12:19:39 +02:00
parent a9b52f8e58
commit bd62a4f942
1 changed files with 109 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
nixos/roles/adguard.nix
View File

@@ -1,7 +1,5 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
@@ -10,119 +8,126 @@ let
adguardPort = 3000; adguardPort = 3000;
in in
{ {
services.adguardhome = { services = {
enable = true; resolved.enable = false;
mutableSettings = true; adguardhome = {
allowDHCP = true; enable = true;
mutableSettings = true;
allowDHCP = true;
settings = { settings = {
http.address = "0.0.0.0:${toString adguardPort}"; http.address = "0.0.0.0:${toString adguardPort}";
users = [ users = [
{ {
name = "DerGrumpf"; name = "DerGrumpf";
password = "$2a$10$EyuPHKxu0YZ9sXl4ZNMzRuvYCKWOeCobTkpXUJBhL14CCkWCY6FRm"; password = "$2a$10$EyuPHKxu0YZ9sXl4ZNMzRuvYCKWOeCobTkpXUJBhL14CCkWCY6FRm";
} }
];
dns = {
bind_hosts = [ "0.0.0.0" ];
port = 53;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://dns.adguard-dns.com/dns-query"
"https://0ms.dev/dns-query"
"https://dns.cloudflare.com/dns-query"
"https://security.cloudflare-dns.com/dns-query"
]; ];
bootstrap_dns = [
"9.9.9.10"
"149.112.112.10"
];
fallback_dns = [
"1.1.1.1"
"8.8.8.8"
];
upstream_mode = "load_balance";
};
dhcp = { dns = {
enabled = false; bind_hosts = [
interface_name = primaryInterface; "0.0.0.0"
local_domain_name = "lan"; "::"
dhcpv4 = { ];
gateway_ip = "192.168.2.1"; port = 53;
subnet_mask = "255.255.255.0"; upstream_dns = [
range_start = "192.168.2.150"; "https://dns10.quad9.net/dns-query"
range_end = "192.168.2.200"; "https://dns.adguard-dns.com/dns-query"
lease_duration = 86400; "https://0ms.dev/dns-query"
icmp_timeout_msec = 1000; "https://dns.cloudflare.com/dns-query"
"https://security.cloudflare-dns.com/dns-query"
];
bootstrap_dns = [
"9.9.9.10"
"149.112.112.10"
];
fallback_dns = [
"1.1.1.1"
"8.8.8.8"
];
upstream_mode = "load_balance";
}; };
dhcpv6 = {
lease_duration = 86400; dhcp = {
ra_slaac_only = false; enabled = false;
ra_allow_slaac = false; interface_name = primaryInterface;
local_domain_name = "lan";
dhcpv4 = {
gateway_ip = "192.168.2.1";
subnet_mask = "255.255.255.0";
range_start = "192.168.2.150";
range_end = "192.168.2.200";
lease_duration = 86400;
icmp_timeout_msec = 1000;
};
dhcpv6 = {
range_start = "fdbb:959a:27ee::100";
lease_duration = 86400;
ra_slaac_only = false;
ra_allow_slaac = false;
};
}; };
};
filters = [ filters = [
# --- existing --- # --- existing ---
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "AdGuard DNS filter"; name = "AdGuard DNS filter";
id = 1; id = 1;
} }
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "AdAway Default Blocklist"; name = "AdAway Default Blocklist";
id = 2; id = 2;
} }
# --- malware & phishing --- # --- malware & phishing ---
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt";
name = "The Big List of Hacked Malware Web Sites"; name = "The Big List of Hacked Malware Web Sites";
id = 3; id = 3;
} }
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt";
name = "Malicious URL Blocklist (URLhaus)"; name = "Malicious URL Blocklist (URLhaus)";
id = 4; id = 4;
} }
# --- telemetry --- # --- telemetry ---
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt";
name = "AWAvenue Ads Rule"; name = "AWAvenue Ads Rule";
id = 5; id = 5;
} }
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_54.txt";
name = "HaGeZi's Windows/Office Tracker Blocklist"; name = "HaGeZi's Windows/Office Tracker Blocklist";
id = 6; id = 6;
} }
# --- Smart TV / IoT --- # --- Smart TV / IoT ---
{ {
enabled = true; enabled = true;
url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt"; url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt";
name = "HaGeZi's Smart TV Blocklist"; name = "HaGeZi's Smart TV Blocklist";
id = 7; id = 7;
} }
]; ];
filtering = { filtering = {
filtering_enabled = true; filtering_enabled = true;
protection_enabled = true; protection_enabled = true;
safe_search.enabled = false; safe_search.enabled = false;
parental_enabled = false; parental_enabled = false;
safebrowsing_enabled = false; safebrowsing_enabled = false;
};
}; };
}; };
}; };