sapphic.moe / flake
❄️ Dotfiles for our NixOS system configuration.
fork atom

refactor(services:adguardhome): rewrite & use config options

Chloe adb23813 f11b86a8

options
unified split
Changed files
+50 -12
services
adguardhome
default.nix
+50 -12
services/adguardhome/default.nix 
···

       
1

       
1

       
 

       
{


     

       
2

       
2

       
 

       
  services.adguardhome = {


     

       
3

       
3

       
 

       
    enable = true;


     

       

       
4

       
+

       



     

       

       
5

       
+

       
    # We'll be using Tailscale Services to serve AdGuard Home as a subdomain in our tailnet.


     

       
4

       
6

       
 

       
    host = "127.0.0.1";


     

       
5

       
7

       
 

       
    port = 3000;


     

       

       
8

       
+

       



     

       
6

       
9

       
 

       
    settings = {


     

       

       
10

       
+

       
      # AdGuard Home keeps insisting on forcing the Russian language on me for some reason.


     

       

       
11

       
+

       
      language = "en";


     

       

       
12

       
+

       



     

       

       
13

       
+

       
      # Use the auto theme so it matches the user's system theme.


     

       

       
14

       
+

       
      theme = "auto";


     

       

       
15

       
+

       



     

       
7

       
16

       
 

       
      dns = {


     

       
8

       

       
-

       
        port = 53;


     

       
9

       

       
-

       
        port_tls = 853;


     

       
10

       

       
-

       
        port_https = 8443;


     

       
11

       

       
-

       
        port_quic = 784;


     

       

       
17

       
+

       
        # Since we're not exposing AdGuard Home to the public internet, we can disable rate limiting.


     

       

       
18

       
+

       
        ratelimit = 0;


     

       

       
19

       
+

       



     

       

       
20

       
+

       
        bootstrap_dns = [


     

       

       
21

       
+

       
          "9.9.9.9" # Quad9


     

       

       
22

       
+

       
          "1.1.1.1" # Cloudflare


     

       

       
23

       
+

       
        ];


     

       

       
24

       
+

       



     

       

       
25

       
+

       
        upstream_dns = [


     

       

       
26

       
+

       
          "https://dns10.quad9.net/dns-query"


     

       

       
27

       
+

       
          "https://doh.mullvad.net/dns-query"


     

       

       
28

       
+

       
          "https://security.cloudflare-dns.com/dns-query"


     

       

       
29

       
+

       



     

       

       
30

       
+

       
          # Resolve DNS queries for 100.* IPs with Tailscale's Magic DNS.


     

       

       
31

       
+

       
          "[/100.in-addr.arpa]/100.100.100.100"


     

       

       
32

       
+

       
        ];


     

       
12

       
33

       
 

       
      };


     

       

       
34

       
+

       



     

       

       
35

       
+

       
      clients.persistent = [


     

       

       
36

       
+

       
        {


     

       

       
37

       
+

       
          name = "macOS";


     

       

       
38

       
+

       
          ids = [ "100.118.131.42" ];


     

       

       
39

       
+

       
        }


     

       

       
40

       
+

       
        {


     

       

       
41

       
+

       
          name = "Android";


     

       

       
42

       
+

       
          ids = [ "100.113.214.72" ];


     

       

       
43

       
+

       
        }


     

       

       
44

       
+

       
        {


     

       

       
45

       
+

       
          name = "UpCloud";


     

       

       
46

       
+

       
          ids = [ "100.96.154.98" ];


     

       

       
47

       
+

       
        }


     

       

       
48

       
+

       
        {


     

       

       
49

       
+

       
          name = "Windows";


     

       

       
50

       
+

       
          ids = [ "100.124.27.32" ];


     

       

       
51

       
+

       
        }


     

       

       
52

       
+

       
        {


     

       

       
53

       
+

       
          name = "Windows Subsystem for Linux";


     

       

       
54

       
+

       
          ids = [ "100.127.166.121" ];


     

       

       
55

       
+

       
        }


     

       

       
56

       
+

       
      ];


     

       
13

       
57

       
 

       
    };


     

       
14

       
58

       
 

       
  };


     

       
15

       
59

       
 

       



     

       
16

       
60

       
 

       
  settings.firewall = {


     

       
17

       

       
-

       
    allowedTCPPorts = [


     

       
18

       

       
-

       
      8443


     

       
19

       

       
-

       
      3000


     

       
20

       

       
-

       
    ];


     

       
21

       

       
-

       
    allowedUDPPorts = [


     

       
22

       

       
-

       
      53


     

       
23

       

       
-

       
      784


     

       
24

       

       
-

       
    ];


     

       

       
61

       
+

       
    allowedTCPPorts = [ 3000 ];


     

       

       
62

       
+

       
    allowedUDPPorts = [ 53 ];


     

       
25

       
63

       
 

       
  };


     

       
26

       
64

       
 

       
}