dotfiles/modules/nixos/services/adguardhome/default.nix

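# NixOS module: AdGuard Home with its web UI published through an nginx
# virtual host, plus the firewall openings for the DNS/DHCP listeners.
#
# Options (under config.${namespace}.services.adguardhome):
#   enable       - turn the whole module on.
#   acmeCertName - name of an ACME certificate; when non-empty the nginx
#                  virtual host uses it and forces HTTPS.
{
  config,
  lib,
  namespace,
  ...
}: let
  inherit (lib) mkIf mkEnableOption mkOption types;
  cfg = config.${namespace}.services.adguardhome;

  # The web UI is only meant to be reached through the nginx proxy below, so
  # it listens on loopback. Binding it to 0.0.0.0 would leave the firewall as
  # the only thing stopping clients from bypassing nginx (and forceSSL).
  uiAddress = "127.0.0.1";
  uiPort = 3000;
in {
  options.${namespace}.services.adguardhome = {
    enable = mkEnableOption "adguardhome";
    acmeCertName = mkOption {
      type = types.str;
      default = "";
      description = ''
        If set to a non-empty string, forces SSL with the supplied acme
        certificate.
      '';
    };
  };

  config = mkIf cfg.enable {
    services.adguardhome = {
      enable = true;
      # Settings changed in the web UI are kept rather than reset from Nix.
      mutableSettings = true;
      host = uiAddress;
      port = uiPort;
    };

    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts."adguardhome.kilonull.com" =
        {
          locations."/" = {
            proxyPass = "http://${uiAddress}:${toString uiPort}";
          };
        }
        # NOTE(review): with acmeCertName left empty the admin UI, including
        # its login, is served over plain HTTP on port 80.
        // lib.optionalAttrs (cfg.acmeCertName != "") {
          forceSSL = true;
          useACMEHost = cfg.acmeCertName;
        };
    };

    networking.firewall = {
      # TODO: Remove this here and leave it up to systems to decide to enable
      # the firewall
      enable = true;
      # DHCP runs over UDP only, so no TCP port is opened for it.
      allowedTCPPorts = [
        # Plain DNS
        53
        # HTTP
        80
        # HTTPS
        443
        # DNS over TLS
        853
        # DNSCrypt
        5443
      ];
      allowedUDPPorts = [
        # Plain DNS
        53
        # DHCP
        67
        68
        # DNS over QUIC
        784
        853
        8853
        # DNSCrypt
        5443
      ];
    };
  };
}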