# NixOS module: AdGuard Home as filtering DNS resolver and DHCP server, plus
# an Alloy pipeline that parses the service's journal output.
{
  config,
  tools,
  pkgs,
  ...
}:
let
  inherit (pkgs) lib;

  # Web UI account.
  adminUser = config.globals.master.login;
  # NOTE(review): the option name suggests an htpasswd-style hash; AdGuard Home
  # expects a bcrypt hash in `users[].password` — confirm. The value is part of
  # the declared settings, which NixOS renders into the world-readable Nix
  # store, so treat the hash as visible to every local user.
  adminHash = config.globals.master.initial_htpasswd;

  # Address helper shared by the lease list, the DHCP range and the rewrites.
  addrOf = tools.build_ip;
  proxyIp = addrOf "proxy";

  extDomain = config.globals.domains.external;
  intDomain = config.globals.domains.internal;

  jsonFormat = pkgs.formats.json { };

  # One static DHCP lease per entry of config.globals.other_hosts that has a
  # MAC address; entries whose mac is null are left out.
  staticLeases = lib.mapAttrsToList (name: host: {
    expires = "";
    ip = addrOf host.ip;
    hostname = name;
    mac = host.mac;
    static = true;
  }) (lib.filterAttrs (_: host: host.mac != null) config.globals.other_hosts);

  # Builds one entry of the `filters` list.
  mkBlocklist = id: name: url: {
    enabled = true;
    inherit id name url;
  };

  # Lists are downloaded by AdGuard Home at runtime from these URLs; their
  # content is not pinned by this configuration.
  blocklists = [
    (mkBlocklist 1 "AdGuard DNS filter" "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt")
    (mkBlocklist 2 "AdAway Default Blocklist" "https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt")
  ];

  # One rewrite per attribute name of config.id: <name><internal domain>
  # answers with that name's address.
  hostRewrites = lib.mapAttrsToList (name: _: {
    domain = "${name}${intDomain}";
    answer = "${addrOf name}";
    enabled = true;
  }) config.id;
in
{
  # Alloy pipeline for the adguardhome unit: split each line into timestamp,
  # level and message, use the parsed timestamp, label by level and forward
  # only the message text.
  environment.etc."alloy/logs-adguardhome.alloy".text =
    let
      journalLogger = import ./alloy/default-journal-logger.alloy.nix {
        inherit tools;
        container = "dns";
        service = "adguardhome";
        additional_stages = ''
          stage.regex {
            expression = "^(?P<timestamp>\\S+ \\S+) \\[(?P<level>\\w+)\\] (?P<message>.*)$"
          }

          stage.timestamp {
            source = "timestamp"
            format = "2006/01/02 15:04:05.999999"
            location = "${config.globals.default_tz}"
          }

          stage.labels {
            values = {
              level = "level",
            }
          }

          stage.output {
            source = "message"
          }
        '';
      };
    in
    journalLogger.out;

  # Declarative lease database, generated at build time.
  environment.etc."AdGuardHome/data/leases.json".source = jsonFormat.generate "leases.json" {
    version = 1;
    leases = staticLeases;
  };

  # Copies the generated lease file over the service's own copy before every
  # start, so anything AdGuard Home wrote to that file since the previous
  # start is replaced by the list above.
  # NOTE(review): assumes /var/lib/AdGuardHome/data already exists and that the
  # script may write and chown there — confirm for a first start.
  systemd.services.adguardhome.preStart = ''
    cp /etc/AdGuardHome/data/leases.json /var/lib/AdGuardHome/data/leases.json
    chown adguardhome:adguardhome /var/lib/AdGuardHome/data/leases.json
  '';

  services.adguardhome = {
    enable = true;
    allowDHCP = true;

    # Admin web UI: plain HTTP on every interface. host/port here and
    # settings.http.address below describe the same listener and have to agree.
    # NOTE(review): a reverse proxy is listed in trusted_proxies, yet this
    # listener stays reachable directly on all interfaces — confirm that is
    # intended, since logins and session cookies cross the network unencrypted.
    host = "0.0.0.0";
    port = 80;
    # NOTE(review): presumably this opens only the web UI port; DNS and DHCP
    # would then need firewall rules elsewhere — verify against the module.
    openFirewall = true;

    # true: changes made through the web UI persist across restarts instead of
    # being reset to this declaration, so the running configuration can drift
    # from what is reviewed here.
    mutableSettings = true;

    settings = {
      dhcp = {
        enabled = true;
        interface_name = "eth0";
        dhcpv4 = {
          gateway_ip = config.globals.gateway;
          subnet_mask = config.globals.mask;
          # Dynamic pool: host numbers 150 through 199.
          range_start = addrOf 150;
          range_end = addrOf 199;
        };
        # Internal domain with its leading dot removed.
        local_domain_name = lib.removePrefix "." intDomain;
      };

      http = {
        address = "0.0.0.0:80";
        # 720h = 30 days before a web session expires.
        session_ttl = "720h";
      };

      users = [
        {
          name = adminUser;
          password = adminHash;
        }
      ];

      filters = blocklists;

      # Login throttling: 5 failed attempts, then a 15 minute block.
      auth_attempts = 5;
      block_auth_min = 15;
      language = "fr";

      dns = {
        # Resolver listens on every interface.
        bind_hosts = [ "0.0.0.0" ];
        port = 53;
        upstream_dns = [
          # presumably a local recursive resolver — verify what listens on 5335
          "127.0.0.1:5335"
          # NOTE(review): dns10 is, as far as I know, Quad9's profile without
          # threat blocking or DNSSEC validation — confirm that is intended.
          "https://dns10.quad9.net/dns-query"
        ];
        # Peers whose forwarded client-address headers are believed. Keep this
        # list minimal: anything listed here can choose the client address
        # that AdGuard Home sees.
        trusted_proxies = [
          "127.0.0.0/8"
          "::1/128"
          proxyIp
        ];
      };

      filtering = {
        safe_search = {
          enabled = false;
        };
        blocking_mode = "nxdomain";
        # Every name under the external domain resolves to the proxy; the
        # per-host internal names follow.
        rewrites = [
          {
            domain = "*${extDomain}";
            answer = proxyIp;
            enabled = true;
          }
        ]
        ++ hostRewrites;
      };
    };
  };
}