dotfiles/modules/nixos/services/adguardhome/default.nix

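# NixOS module: AdGuard Home DNS filter, published through an nginx reverse
# proxy on adguardhome.kilonull.com, plus the firewall openings for the DNS
# and DHCP protocols listed below.
#
# Options (under aa.services.adguardhome):
#   enable        - turn the whole module on.
#   acmeCertName  - when non-empty, the nginx vhost uses that ACME certificate
#                   and HTTPS is forced; when empty the vhost is plain HTTP.
{
  options,
  config,
  lib,
  pkgs,
  format,
  ...
}:
with lib; let
  cfg = config.aa.services.adguardhome;
in {
  options.aa.services.adguardhome = with types; {
    enable = mkEnableOption "adguardhome";
    acmeCertName = mkOption {
      type = str;
      default = "";
      description = ''
        If set to a non-empty string, forces SSL with the supplied acme
        certificate.
      '';
    };
  };

  config = mkIf cfg.enable {
    services.adguardhome = {
      enable = true;
      # Settings changed through the web UI persist across restarts, so the
      # running configuration can drift from what is declared in this file.
      mutableSettings = true;
      # NOTE(review): the admin UI listens on every interface, yet the nginx
      # vhost below only needs it on 127.0.0.1:3000. Port 3000 is not opened
      # in the firewall block of this module, so that firewall is the only
      # thing keeping the UI from being reached directly; consider
      # "127.0.0.1" if nothing else connects to it - confirm first.
      host = "0.0.0.0";
      port = 3000;
      settings = {
        # Both names resolve to the same internal address; the wildcard rule
        # also answers for every other subdomain of kilonull.com.
        filtering.rewrites = [
          {
            domain = "adguardhome.kilonull.com";
            answer = "192.168.113.13";
          }
          {
            domain = "*.kilonull.com";
            answer = "192.168.113.13";
          }
        ];
      };
    };

    services.nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts."adguardhome.kilonull.com" =
        {
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000";
          };
        }
        # With the default empty acmeCertName the vhost is served over plain
        # HTTP only, so admin logins cross the network unencrypted; set
        # acmeCertName wherever the UI is reached from other hosts.
        // lib.optionalAttrs (cfg.acmeCertName != "") {
          forceSSL = true;
          useACMEHost = cfg.acmeCertName;
        };
    };

    networking.firewall = {
      # TODO: Remove this here and leave it up to systems to decide to enable
      # the firewall
      enable = true;
      # Every port below is opened as soon as the module is enabled, whether
      # or not the matching AdGuard Home listener is actually configured.
      allowedTCPPorts = [
        # Plain DNS
        53
        # HTTP
        80
        # HTTPS
        443
        # DNS over TLS
        853
        # DNSCrypt
        5443
      ];
      # DHCP runs over UDP only, so 67/68 are listed here and no DHCP port is
      # opened for TCP.
      allowedUDPPorts = [
        # Plain DNS
        53
        # DHCP
        67
        68
        # DNS over QUIC
        784
        853
        8853
        # DNSCrypt
        5443
      ];
    };
  };
}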