blob: 9cb7cc2df17f79d98a8f7d0e08a5063fafcc8923 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
{ config, lib, ... }:
{
services = {
adguardhome = {
enable = true;
openFirewall = false;
mutableSettings = false;
settings = {
http = {
address = "127.0.0.1:3000";
};
dns = {
bind_hosts = [ "127.0.0.1" ];
port = 53;
upstream_dns = [
"https://de-fra-dns-001.mullvad.net/dns-query"
"https://gb-lon-dns-001.mullvad.net/dns-query"
"https://gb-lon-dns-301.mullvad.net/dns-query"
];
fallback_dns = [
"9.9.9.9"
"149.112.112.112"
];
bootstrap_dns = [
"9.9.9.9"
"149.112.112.112"
];
};
filtering = {
rewrites = [
# searxng
{
domain = "search.internal";
answer = "127.0.0.1";
}
# adguard
{
domain = "dns.internal";
answer = "127.0.0.1";
}
];
protection_enabled = true;
filtering_enabled = true;
parental_enabled = false; # Parental control-based DNS requests filtering.
safe_search = {
enabled = false; # Enforcing "Safe search" option for search engines, when possible.
};
};
};
};
nginx ={
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts = {
"dns.internal" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
};
};
networking = {
nameservers = [
"127.0.0.1"
];
hosts = {
"127.0.0.1" = [
"dns.internal"
"search.internal"
];
};
};
}
|
