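# NixOS module: AdGuard Home as a filtering DNS resolver, with its web UI
# published through Caddy at dns.<homelab.domain>.
#
# Reads:  config.homelab.domain (used for the Caddy virtual host name and as
#         the ACME certificate host).
# Sets:   services.adguardhome, the firewall openings for port 53 (TCP/UDP),
#         and one Caddy virtual host that proxies to the web UI on port 3003.
{ config, ... }:
{
  services.adguardhome = {
    enable = true;
    # Settings changed in the web UI are kept across restarts, so the running
    # configuration can drift from what is declared below.
    mutableSettings = true;
    extraArgs = [
      "--web-addr"
      "0.0.0.0:3003"
    ];
    settings = {
      http = {
        # You can select any ip and port, just make sure to open firewalls where needed
        # NOTE(review): the web UI speaks plain HTTP here and listens on every
        # interface. Caddy below reaches it via localhost, so 127.0.0.1:3003
        # would be enough unless direct access is intended. Port 3003 is not
        # opened in the firewall by this module.
        address = "0.0.0.0:3003";
      };
      dns = {
        bootstrap_dns = [ "1.1.1.1" ];
        # NOTE(review): plain-IP upstreams are queried over unencrypted DNS.
        # AdGuard Home also accepts tls:// and https:// upstreams if the path
        # to the resolver should be encrypted.
        upstream_dns = [
          "1.1.1.1" # cloudflare
          "9.9.9.9" # dns.quad9.net
          "149.112.112.112" # dns.quad9.net
        ];
      };
      # No query log is kept: nothing is retained about client lookups, which
      # also means there is no DNS history to consult when investigating a host.
      querylog.enabled = false;
      filtering = {
        protection_enabled = true;
        filtering_enabled = true;
      };
      # The following notation uses map
      # to not have to manually create {enabled = true; url = "";} for every filter
      # This is, however, fully optional
      #
      # NOTE(review): these lists are downloaded from third-party hosts at
      # runtime and are not pinned (several track a `master` branch), so their
      # maintainers influence what every client of this resolver can resolve.
      # Keep the set to sources you are willing to trust.
      filters =
        map
          (url: {
            enabled = true;
            inherit url;
          })
          [
            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist

            # advertising
            "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
            "https://v.firebog.net/hosts/Admiral.txt"
            "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
            "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"

            # privacy
            "https://v.firebog.net/hosts/Easyprivacy.txt"
            "https://v.firebog.net/hosts/Prigent-Ads.txt"

            # phishing
            "https://v.firebog.net/hosts/Prigent-Crypto.txt"
            "https://phishing.army/download/phishing_army_blocklist_extended.txt"

            # malware
            "https://v.firebog.net/hosts/RPiList-Malware.txt"
            "https://lists.cyberhost.uk/malware.txt"
          ];
    };
  };

  # DNS is opened on every interface. If this host has an internet-facing
  # interface, scope these to the LAN interface instead
  # (networking.firewall.interfaces.<name>.allowedTCPPorts / allowedUDPPorts)
  # so the resolver is not reachable as an open resolver.
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];

  # TLS terminates at Caddy using the certificate issued for the homelab
  # domain; the hop to AdGuard Home stays on the loopback interface.
  services.caddy.virtualHosts."dns.${config.homelab.domain}" = {
    useACMEHost = config.homelab.domain;
    # Fixed: the upstream was written as "http:/localhost:3003" (one slash),
    # which is not a valid http:// upstream address.
    extraConfig = ''
      reverse_proxy http://localhost:3003
    '';
  };
}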