diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index bfd5a50..3ea37e9 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -104,8 +104,8 @@
enable = true;
subdomain = "home";
};
- pihole = {
- enable = true;
+ adguardhome = {
+ enable = false;
};
nextcloud = {
enable = true;
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix
index da19108..85dcd9e 100644
--- a/configurations/nixos/defiant/hardware-configuration.nix
+++ b/configurations/nixos/defiant/hardware-configuration.nix
@@ -74,6 +74,9 @@
address = [
"192.168.1.10/24"
];
+
+ gateway = ["192.168.1.1"];
+ dns = ["192.168.1.1"];
};
};
};
diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix
index 008f060..e969e20 100644
--- a/modules/nixos-modules/impermanence.nix
+++ b/modules/nixos-modules/impermanence.nix
@@ -102,19 +102,6 @@
directories = [
"/var/lib/nixos"
"/var/lib/systemd/coredump"
-
- # config.apps.pihole.directory.root
-
- # config.apps.jellyfin.mediaDirectory
- # config.services.jellyfin.configDir
- # config.services.jellyfin.cacheDir
- # config.services.jellyfin.dataDir
-
- # "/var/hass" # config.users.users.hass.home
- # "/var/postgresql" # config.users.users.postgresql.home
- # "/var/forgejo" # config.users.users.forgejo.home
- # "/var/nextcloud" # config.users.users.nextcloud.home
- # "/var/headscale" # config.users.users.headscale.home
];
files = [
"/etc/machine-id"
diff --git a/modules/nixos-modules/server/adguardhome.nix b/modules/nixos-modules/server/adguardhome.nix
new file mode 100644
index 0000000..866ad8a
--- /dev/null
+++ b/modules/nixos-modules/server/adguardhome.nix
@@ -0,0 +1,72 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ dnsPort = 53;
+in {
+ options.host.adguardhome = {
+ enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
+ directory = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/AdGuardHome/";
+ };
+ };
+ config = lib.mkIf config.host.adguardhome.enable (lib.mkMerge [
+ {
+ services.adguardhome = {
+ enable = true;
+ mutableSettings = false;
+ settings = {
+ dns = {
+ bootstrap_dns = [
+ "1.1.1.1"
+ "9.9.9.9"
+ ];
+ upstream_dns = [
+ "dns.quad9.net"
+ ];
+ };
+ filtering = {
+ protection_enabled = true;
+ filtering_enabled = true;
+
+ parental_enabled = false; # Parental control-based DNS requests filtering.
+ safe_search = {
+ enabled = false; # Enforcing "Safe search" option for search engines, when possible.
+ };
+ };
+ # The following notation uses map
+ # to not have to manually create {enabled = true; url = "";} for every filter
+ # This is, however, fully optional
+ filters =
+ map (url: {
+ enabled = true;
+ url = url;
+ }) [
+ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"
+ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+ ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ dnsPort
+ ];
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ environment.persistence."/persist/system/root" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ {
+ directory = config.host.adguardhome.directory;
+ user = "adguardhome";
+ group = "adguardhome";
+ }
+ ];
+ };
+ })
+ ]);
+}
diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix
index c8e17a9..a031b0d 100644
--- a/modules/nixos-modules/server/default.nix
+++ b/modules/nixos-modules/server/default.nix
@@ -9,7 +9,7 @@
./forgejo.nix
./searx.nix
./home-assistant.nix
- ./pihole.nix
+ ./adguardhome.nix
./nextcloud.nix
];
}
diff --git a/modules/nixos-modules/server/pihole.nix b/modules/nixos-modules/server/pihole.nix
deleted file mode 100644
index aee6105..0000000
--- a/modules/nixos-modules/server/pihole.nix
+++ /dev/null
@@ -1,158 +0,0 @@
-{
- lib,
- config,
- inputs,
- ...
-}: let
- dnsPort = 53;
- webPort = 8090;
-in {
- options.host.pihole = {
- enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
- directory = lib.mkOption {
- type = lib.types.str;
- default = "/var/lib/pihole";
- };
- image = lib.mkOption {
- type = lib.types.str;
- default = "pihole/pihole:latest";
- description = "container image to use for pi-hole";
- };
- # piholeStateDirectory = {
- # type = lib.types.str;
- # default = "${config.host.pihole.directory}/pihole";
- # };
- # tailscaleStateDirectory = {
- # type = lib.types.str;
- # default = "${config.host.pihole.directory}/tailscale";
- # };
- # piholeImage = lib.mkOption {
- # type = lib.types.str;
- # default = "pihole/pihole:2024.07.0";
- # description = "container image to use for pi-hole";
- # };
- # tailscaleImage = lib.mkOption {
- # type = lib.types.str;
- # default = "tailscale/tailscale:latest";
- # description = "container image to use for pi-holes tail scale";
- # };
- ip = lib.mkOption {
- type = lib.types.str;
- description = "ip address to use for pi-hole";
- };
- };
- config = lib.mkIf config.host.pihole.enable (lib.mkMerge [
- {
- host.podman.enable = true;
- sops = {
- secrets = {
- "services/pi-hole" = {
- sopsFile = "${inputs.secrets}/defiant-services.yaml";
- };
- # "wireguard-keys/tailscale-authkey/pihole" = {
- # sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
- # };
- };
- templates."pihole.env".content = ''
- FTLCONF_webserver_api_password=${config.sops.placeholder."services/pi-hole"}
- '';
- };
- systemd = {
- tmpfiles.rules = [
- "d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system
- # "d ${config.host.pihole.piholeStateDirectory} 755 pihole pihole -"
- # "d ${config.host.pihole.tailscaleStateDirectory} 755 pihole pihole -"
- ];
-
- services = {
- "podman-pihole" = {
- serviceConfig = {
- Restart = lib.mkOverride 500 "always";
- };
- # after = [
- # "podman-network-macvlan.service"
- # ];
- # requires = [
- # "podman-network-macvlan.service"
- # ];
- partOf = [
- "podman-compose-root.target"
- ];
- wantedBy = [
- "podman-compose-root.target"
- ];
- };
- };
- };
-
- services.resolved.enable = false;
-
- virtualisation = {
- oci-containers = {
- containers = {
- pihole = let
- passwordFileLocation = "/var/lib/pihole/webpassword.txt";
- in {
- image = config.host.pihole.image;
- volumes = [
- "${config.host.pihole.directory}:/etc/pihole:rw"
- "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"
- ];
- environment = {
- TZ = "America/Chicago";
- FTLCONF_webserver_port = toString webPort;
- PIHOLE_UID = toString config.users.users.pihole.uid;
- PIHOLE_GID = toString config.users.groups.pihole.gid;
- };
- environmentFiles = [
- config.sops.templates."pihole.env".path
- ];
- log-driver = "journald";
- extraOptions = [
- "--network=host"
- # "--network=container:${tailscale container id}"
- ];
- };
- # ts-pihole = {
- # image = config.host.pihole.tailscaleImage;
- # volumes = "${config.host.pihole.tailscaleStateDirectory}:/var/lib/tailscale";
- # environment = {
- # TS_ACCEPT_DNS = "false";
- # TS_HOSTNAME = "pihole";
- # TS_STATE_DIR = "/var/lib/tailscale";
- # TS_USERSPACE = "false";
- # TS_EXTRA_ARGS = "--advertise-tags=tag:container";
- # };
- # environmentFiles = [
- # config.sops.templates."tailscale-pihole.env".path
- # ];
- # devices = [
- # "/dev/net/tun:/dev/net/tun"
- # ];
- # extraOptions = [
- # "--ip=${config.host.pihole.ip}"
- # "--network=macvlan"
- # ];
- # };
- };
- };
- };
- networking.firewall.allowedTCPPorts = [
- dnsPort
- ];
- }
- (lib.mkIf config.host.impermanence.enable {
- environment.persistence."/persist/system/root" = {
- enable = true;
- hideMounts = true;
- directories = [
- {
- directory = config.host.pihole.directory;
- user = "pihole";
- group = "pihole";
- }
- ];
- };
- })
- ]);
-}
diff --git a/modules/nixos-modules/server/podman.nix b/modules/nixos-modules/server/podman.nix
index b75c56f..e806e65 100644
--- a/modules/nixos-modules/server/podman.nix
+++ b/modules/nixos-modules/server/podman.nix
@@ -59,10 +59,10 @@
enable = true;
autoPrune.enable = true;
dockerCompat = true;
- defaultNetwork.settings = {
- # Required for container networking to be able to use names.
- dns_enabled = true;
- };
+ # defaultNetwork.settings = {
+ # # Required for container networking to be able to use names.
+ # dns_enabled = true;
+ # };
};
oci-containers = {
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 15631a9..f57e894 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -17,7 +17,7 @@
eve = 1002;
jellyfin = 2000;
forgejo = 2002;
- pihole = 2003;
+ adguardhome = 2003;
hass = 2004;
headscale = 2005;
nextcloud = 2006;
@@ -32,7 +32,7 @@
jellyfin_media = 2001;
jellyfin = 2000;
forgejo = 2002;
- pihole = 2003;
+ adguardhome = 2003;
hass = 2004;
headscale = 2005;
nextcloud = 2006;
@@ -123,10 +123,10 @@ in {
group = config.users.users.forgejo.name;
};
- pihole = {
- uid = lib.mkForce uids.pihole;
+ adguardhome = {
+ uid = lib.mkForce uids.adguardhome;
isSystemUser = true;
- group = config.users.users.pihole.name;
+ group = config.users.users.adguardhome.name;
};
hass = {
@@ -208,10 +208,10 @@ in {
];
};
- pihole = {
- gid = lib.mkForce gids.pihole;
+ adguardhome = {
+ gid = lib.mkForce gids.adguardhome;
members = [
- users.pihole.name
+ users.adguardhome.name
# leyla
];
};