huge restructure of modules

author: aethrvmn <me@aethrvmn.gr> 2025-11-30 21:59:43 +0000
committer: aethrvmn <me@aethrvmn.gr> 2025-11-30 21:59:43 +0000
commit: 893ea11e1dc05fe1a2a34e66d4ebcfdffda34720 (patch)
tree: ef454e299f49cbb58e1b9fbafd0b759b4379ac2a /modules/adguard/default.nix
parent: added .lock to ignorelist (diff)
1 files changed, 88 insertions, 0 deletions
diff --git a/modules/adguard/default.nix b/modules/adguard/default.nix
new file mode 100644
index 0000000..9cb7cc2
--- /dev/null
+++ b/modules/adguard/default.nix
@@ -0,0 +1,88 @@
+{ config, lib, ... }:
+{
+  services = {
+    adguardhome = {
+      enable = true;
+      openFirewall = false;
+      mutableSettings = false;
+
+      settings = {
+        http = {
+          address = "127.0.0.1:3000";
+        };
+
+        dns = {
+          bind_hosts = [ "127.0.0.1" ];
+          port = 53;
+
+          upstream_dns = [
+            "https://de-fra-dns-001.mullvad.net/dns-query"
+            "https://gb-lon-dns-001.mullvad.net/dns-query"
+            "https://gb-lon-dns-301.mullvad.net/dns-query"
+          ];
+          fallback_dns = [
+            "9.9.9.9"
+            "149.112.112.112"
+          ];
+          bootstrap_dns = [
+            "9.9.9.9"
+            "149.112.112.112"
+          ];
+        };
+
+        filtering = {
+          rewrites = [
+            # searxng
+            {
+              domain = "search.internal";
+              answer = "127.0.0.1";
+            } 
+            # adguard
+            {
+              domain = "dns.internal";
+              answer = "127.0.0.1";
+            } 
+          ];
+          
+          protection_enabled = true;
+          filtering_enabled = true;
+
+          parental_enabled = false;  # Parental control-based DNS requests filtering.
+
+          safe_search = {
+            enabled = false;  # Enforcing "Safe search" option for search engines, when possible.
+          };
+        };
+      };
+    };
+
+    nginx ={
+			enable = true;
+	    recommendedGzipSettings = true;
+	    recommendedOptimisation = true;
+	    recommendedProxySettings = true;
+
+      virtualHosts = {
+        "dns.internal" = {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3000";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+
+  networking = {
+    nameservers = [
+      "127.0.0.1"
+    ];
+
+    hosts = {
+      "127.0.0.1" = [
+        "dns.internal"
+        "search.internal"
+      ];
+    };
+  };
+}
author	aethrvmn <me@aethrvmn.gr>	2025-11-30 21:59:43 +0000
committer	aethrvmn <me@aethrvmn.gr>	2025-11-30 21:59:43 +0000
commit	893ea11e1dc05fe1a2a34e66d4ebcfdffda34720 (patch)
tree	ef454e299f49cbb58e1b9fbafd0b759b4379ac2a /modules/adguard/default.nix
parent	added .lock to ignorelist (diff)