services/adguardhome/default.nix at 39e4f19b4004f815aaea51a73f8f5b7dbe5b71da · sapphic.moe/flake

sapphic.moe / flake

❄️ Dotfiles for our NixOS system configuration.

flake / services / adguardhome / default.nix

at 39e4f19b4004f815aaea51a73f8f5b7dbe5b71da 1.6 kB view raw

 1{
 2  services.adguardhome = {
 3    enable = true;
 4
 5    # We'll be using Tailscale Services to serve AdGuard Home as a subdomain in our tailnet.
 6    host = "127.0.0.1";
 7    port = 3000;
 8
 9    settings = {
10      # AdGuard Home keeps insisting on forcing the Russian language on me for some reason.
11      language = "en";
12
13      # Use the auto theme so it matches the user's system theme.
14      theme = "auto";
15
16      dns = {
17        # Since we're not exposing AdGuard Home to the public internet, we can disable rate limiting.
18        ratelimit = 0;
19
20        bootstrap_dns = [
21          "9.9.9.9" # Quad9
22          "1.1.1.1" # Cloudflare
23        ];
24
25        upstream_dns = [
26          "https://dns10.quad9.net/dns-query"
27          "https://doh.mullvad.net/dns-query"
28          "https://security.cloudflare-dns.com/dns-query"
29
30          # Resolve DNS queries for 100.* IPs with Tailscale's Magic DNS.
31          "[/100.in-addr.arpa/]100.100.100.100"
32        ];
33
34        allowed_clients = [
35          "100.64.0.0/10" # Tailscale IP range
36          "127.0.0.1/24" # localhost
37        ];
38      };
39
40      clients.persistent = [
41        {
42          name = "macOS";
43          ids = [ "100.118.131.42" ];
44        }
45        {
46          name = "Android";
47          ids = [ "100.113.214.72" ];
48        }
49        {
50          name = "UpCloud";
51          ids = [ "100.96.154.98" ];
52        }
53        {
54          name = "Windows";
55          ids = [ "100.124.27.32" ];
56        }
57        {
58          name = "Windows Subsystem for Linux";
59          ids = [ "100.127.166.121" ];
60        }
61      ];
62    };
63  };
64}