# NixOS module for the AdGuard Home service: declares the
# `services.adguardhome` options and, when enabled, a systemd unit plus an
# optional firewall rule for the web interface port.
{ config, lib, pkgs, ... }:

let
  inherit (lib) concatStringsSep mkEnableOption mkIf mkOption types;

  cfg = config.services.adguardhome;

  # Flags this module always passes. The pid file, work dir and config file
  # paths sit inside the RuntimeDirectory (/run/AdGuardHome) and the
  # StateDirectory (/var/lib/AdGuardHome) declared on the unit below, so the
  # YAML configuration is mutable service state; this module does not
  # generate it.
  fixedArgs = [
    # The binary comes from pkgs.adguardhome; presumably that is why the
    # built-in update check is switched off -- confirm.
    "--no-check-update"
    "--pidfile /run/AdGuardHome/AdGuardHome.pid"
    "--work-dir /var/lib/AdGuardHome/"
    "--config /var/lib/AdGuardHome/AdGuardHome.yaml"
    "--host ${cfg.host}"
    "--port ${toString cfg.port}"
  ];

  # Single command-line string spliced into ExecStart. Elements are joined
  # with plain spaces and are not quoted, so an `extraArgs` entry that
  # contains whitespace reaches the binary as several arguments.
  commandLine = concatStringsSep " " (fixedArgs ++ cfg.extraArgs);
in
{
  options.services.adguardhome = {
    enable = mkEnableOption "AdGuard Home network-wide ad blocker";

    # The default binds the HTTP server to every IPv4 interface. Set a
    # loopback or management address here when the web interface should not
    # be reachable from all attached networks.
    host = mkOption {
      type = types.str;
      default = "0.0.0.0";
      description = ''
        Host address to bind HTTP server to.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 3000;
      description = ''
        Port to serve HTTP pages on.
      '';
    };

    # Off by default: the only firewall change this module makes is gated on
    # this flag, and it covers the web interface TCP port alone.
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Open ports in the firewall for the AdGuard Home web interface. Does not
        open the port needed to access the DNS resolver.
      '';
    };

    # Appended after the module's own flags, unquoted (see commandLine above).
    extraArgs = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = ''
        Extra command line parameters to be passed to the adguardhome binary.
      '';
    };
  };

  config = mkIf cfg.enable {
    systemd.services.adguardhome = {
      description = "AdGuard Home: Network-level blocker";
      wantedBy = [ "multi-user.target" ];
      # Ordering only; no Wants=/Requires= dependency is declared here.
      after = [ "syslog.target" "network.target" ];

      serviceConfig = {
        ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${commandLine}";

        # Run as a transient unprivileged user allocated by systemd instead
        # of root.
        DynamicUser = true;
        # Adds CAP_NET_BIND_SERVICE to the ambient set so the non-root
        # process can bind ports below 1024 (presumably for the DNS
        # listener -- confirm). No other capability is requested.
        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];

        # systemd creates these under /run and /var/lib; they must match the
        # --pidfile, --work-dir and --config paths in fixedArgs.
        RuntimeDirectory = "AdGuardHome";
        StateDirectory = "AdGuardHome";

        # Restart on every exit, waiting 10 seconds between attempts.
        Restart = "always";
        RestartSec = 10;
      };

      # Start rate limit: at most 10 starts within a 5 second window.
      unitConfig = {
        StartLimitBurst = 10;
        StartLimitIntervalSec = 5;
      };
    };

    # Only the web interface port is opened, and only when openFirewall is set.
    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
  };
}