feat: add dns container with AGH + unbound

2025-10-23 22:13:43 +02:00
parent 0d343b12a3
commit 16b9271caf
6 changed files with 210 additions and 2 deletions
--- a/lxc/dns/adguardhome-config.nix
+++ b/lxc/dns/adguardhome-config.nix
@@ -0,0 +1,74 @@
+{
+  infra,
+  ip,
+  domainname,
+  ...
+}:
+{
+  enable = true;
+  host = "0.0.0.0";
+  port = 80;
+  openFirewall = true;
+  mutableSettings = true;
+  settings = {
+    http = {
+      address = "${ip}:80";
+      session_ttl = "720h";
+    };
+    users = [
+      {
+        name = infra.master_login;
+        password = infra.master_htpasswd;
+      }
+    ];
+    filters = [
+      {
+        enabled = true;
+        url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
+        name = "AdGuard DNS filter";
+        id = 1;
+      }
+      {
+        enabled = true;
+        url = "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
+        name = "AdAway Default Blocklist";
+        id = 2;
+      }
+    ];
+
+    auth_attempts = 5;
+    block_auth_min = 15;
+    language = "fr";
+    dns = {
+      bind_hosts = [ ip ];
+      port = 53;
+      upstream_dns = [
+        "127.0.0.1:5335"
+        "https://dns10.quad9.net/dns-query"
+      ];
+    };
+    filtering = {
+      safe_search = {
+        enabled = true;
+        bing = true;
+        duckduckgo = true;
+        ecosia = true;
+        google = true;
+        pixabay = true;
+        yandex = true;
+        youtube = true;
+      };
+      rewrites = [
+        {
+          domain = "*${infra.domains.exposed}";
+          answer = infra.reverse_proxy_addr;
+        }
+        {
+          domain = domainname;
+          answer = ip;
+        }
+        # add internal domains for all containers?
+      ];
+    };
+  };
+}