adguardhome: init

2025-05-03 16:16:04 +10:00 · 2025-05-03 16:16:04 +10:00 · 39e4884e9a
commit 39e4884e9a
parent 2204137112
1 changed files with 69 additions and 0 deletions
--- a/modules/services/adguardhome.nix
+++ b/modules/services/adguardhome.nix
@ -0,0 +1,69 @@
+{ config, ... }:
+
+{
+  services.adguardhome = {
+    enable = true;
+    mutableSettings = true;
+    extraArgs = [ "--web-addr" "0.0.0.0:3003" ];
+
+    settings = {
+      http = {
+        # You can select any ip and port, just make sure to open firewalls where needed
+        address = "0.0.0.0:3003";
+      };
+
+      dns = {
+        bootstrap_dns = [ "1.1.1.1" ];
+
+        upstream_dns = [
+          "1.1.1.1"         # cloudflare
+          "9.9.9.9"         # dns.quad9.net
+          "149.112.112.112" # dns.quad9.net
+        ];
+      };
+
+      querylog.enabled = false;
+
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+      };
+
+      # The following notation uses map
+      # to not have to manually create {enabled = true; url = "";} for every filter
+      # This is, however, fully optional
+      filters = map(url: { enabled = true; url = url; }) [
+        "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt"  # The Big List of Hacked Malware Web Sites
+        "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"  # malicious url blocklist
+
+        # advertising
+        "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
+        "https://v.firebog.net/hosts/Admiral.txt"
+        "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
+        "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
+
+        # privacy
+        "https://v.firebog.net/hosts/Easyprivacy.txt"
+        "https://v.firebog.net/hosts/Prigent-Ads.txt"
+
+        # phishing
+        "https://v.firebog.net/hosts/Prigent-Crypto.txt"
+        "https://phishing.army/download/phishing_army_blocklist_extended.txt"
+
+        # malware
+        "https://v.firebog.net/hosts/RPiList-Malware.txt"
+        "https://lists.cyberhost.uk/malware.txt"
+      ];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedUDPPorts = [ 53 ];
+
+  services.caddy.virtualHosts."dns.${config.homelab.domain}" = {
+    useACMEHost = config.homelab.domain;
+    extraConfig = ''
+      reverse_proxy http:/localhost:3003
+    '';
+  };
+}