79 lines
2.3 KiB
Nix
79 lines
2.3 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.adguardhome;
|
|
in
|
|
with lib;
|
|
{
|
|
options = {
|
|
adguardhome = {
|
|
enable = mkEnableOption "enables AdGuardHome";
|
|
port = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = 3000;
|
|
description = "The port that AdGuardHome is served on.";
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkMerge [
|
|
(mkIf cfg.enable {
|
|
networking.firewall.allowedTCPPorts = [ 53 cfg.port ];
|
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
|
services.adguardhome = {
|
|
enable = true;
|
|
settings = {
|
|
http = {
|
|
# You can select any ip and port, just make sure to open firewalls where needed
|
|
address = "0.0.0.0:${cfg.port toString}";
|
|
};
|
|
dns = {
|
|
upstream_dns = [
|
|
# Example config with quad9
|
|
"9.9.9.9#dns.quad9.net"
|
|
"149.112.112.112#dns.quad9.net"
|
|
# Uncomment the following to use a local DNS service (e.g. Unbound)
|
|
# Additionally replace the address & port as needed
|
|
# "127.0.0.1:5335"
|
|
];
|
|
rewrites = [
|
|
{
|
|
domain = "macmini.local";
|
|
answer = "192.168.1.100";
|
|
}
|
|
{
|
|
domain = "centre.local";
|
|
answer = "192.168.1.227";
|
|
}
|
|
];
|
|
};
|
|
filtering = {
|
|
protection_enabled = true;
|
|
filtering_enabled = true;
|
|
|
|
parental_enabled = false; # Parental control-based DNS requests filtering.
|
|
safe_search = {
|
|
enabled = false; # Enforcing "Safe search" option for search engines, when possible.
|
|
};
|
|
};
|
|
# The following notation uses map
|
|
# to not have to manually create {enabled = true; url = "";} for every filter
|
|
# This is, however, fully optional
|
|
# filters =
|
|
# map
|
|
# (url: {
|
|
# enabled = true;
|
|
# url = url;
|
|
# })
|
|
# [
|
|
# "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
|
|
# "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
|
|
# ];
|
|
};
|
|
};
|
|
})
|
|
];
|
|
}
|