adguardhome: add upstream dns with sops
All checks were successful
flake check / check (push) Successful in 4m41s
fmt check / check (push) Successful in 59s
parent
5ddc6c743f
commit
979ea64f9a
1 changed files with 21 additions and 2 deletions
|
@ -1,19 +1,38 @@
|
||||||
_: {
|
{config, ...}: {
|
||||||
imports = [
|
imports = [
|
||||||
./filters.nix
|
./filters.nix
|
||||||
./rewrites.nix
|
./rewrites.nix
|
||||||
];
|
];
|
||||||
|
sops.secrets.nextdns = {owner = "adguardhome";};
|
||||||
|
|
||||||
|
users.users.adguardhome = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "adguardhome";
|
||||||
|
};
|
||||||
|
users.groups.adguardhome = {};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [53 3000];
|
networking.firewall.allowedTCPPorts = [53 3000];
|
||||||
networking.firewall.allowedUDPPorts = [53];
|
networking.firewall.allowedUDPPorts = [53];
|
||||||
|
|
||||||
services.adguardhome = {
|
services.adguardhome = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
mutableSettings = true;
|
mutableSettings = true;
|
||||||
settings = {
|
settings = {
|
||||||
bind_port = 3000;
|
bind_port = 3000;
|
||||||
bind_host = "0.0.0.0";
|
bind_host = "192.168.1.103";
|
||||||
|
os = {
|
||||||
|
user = "adguardhome";
|
||||||
|
group = "adguardhome";
|
||||||
|
};
|
||||||
|
dns = {
|
||||||
|
upstream_dns_file = config.sops.secrets.nextdns.path;
|
||||||
|
enable_dnssec = true;
|
||||||
|
cache_optimistic = true;
|
||||||
|
};
|
||||||
statistics = {
|
statistics = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
|
interval = "336h";
|
||||||
ignored = [
|
ignored = [
|
||||||
"youporn.com"
|
"youporn.com"
|
||||||
"pornhub.com"
|
"pornhub.com"
|
||||||
|
|
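Review bot: The new `sops.secrets.nextdns = {owner = "adguardhome";};` only makes the upstream file readable if the service really runs as the static `adguardhome` account declared just below it, and nothing visible in this hunk ties the systemd unit to that account. If the module runs the unit under a dynamically allocated user, this works only because the names coincide, so a comment such as `# static user: must match the account the adguardhome unit runs as, so it can read the sops secret` above `users.users.adguardhome` would record the dependency. The added `os = { user = ...; group = ...; }` block also asks AdGuard Home to switch identity itself, which looks redundant with the unit's own user and may not be permitted if the process starts unprivileged; it is worth confirming after a reboot that the service starts and can read `upstream_dns_file`. Separately, `bind_host` is now the LAN address, yet port 3000 stays in `allowedTCPPorts` and `openFirewall = true` is still set, so the firewall entry could be dropped or scoped to the LAN interface. The attribute set continues past the end of the hunk.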