From 1569ae8ec34969e6a8b55d7b73b0dde7f995dee5 Mon Sep 17 00:00:00 2001
From: Nydragon
Date: Sat, 26 Oct 2024 03:01:14 +0200
Subject: [PATCH] feat(dural): dedicated dns host
---
 hosts/default.nix | 8 ++++++
 hosts/dural/adguard.nix | 64 +++++++++++++++++++++++++++++++++++++++++
 hosts/dural/default.nix | 7 +++++
 hosts/dural/disko.nix | 19 ++++++++++++
 4 files changed, 98 insertions(+)
 create mode 100644 hosts/dural/adguard.nix
 create mode 100644 hosts/dural/default.nix
 create mode 100644 hosts/dural/disko.nix
diff --git a/hosts/default.nix b/hosts/default.nix
index cfdf10b..ebca063 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -50,5 +50,13 @@ in
 inputs.nixos-hardware.nixosModules.raspberry-pi-4
 ];
 })
+
+ (mkSystem' {
+ hostname = "dural";
+ system = "x86_64-linux";
+ extraModules = [
+ inputs.disko.nixosModules.disko
+ ];
+ })
 ];
 }
diff --git a/hosts/dural/adguard.nix b/hosts/dural/adguard.nix
new file mode 100644
index 0000000..37a3882
--- /dev/null
+++ b/hosts/dural/adguard.nix
@@ -0,0 +1,64 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ inherit (lib) mkIf;
+ cfg = config.services.adguardhome;
+in
+{
+ config = {
+ networking.firewall.allowedUDPPorts = mkIf cfg.openFirewall [ cfg.settings.dns.port ];
+
+ services.adguardhome = {
+ enable = true;
+ port = 3000;
+ openFirewall = true;
+ settings = {
+ http = {
+ address = "127.0.0.1:${toString cfg.port}";
+ };
+ auth_attempts = 5;
+ block_auth_min = 10;
+ dns = {
+ bind_hosts = [ "0.0.0.0" ];
+ port = 53;
+ upstream_mode = "load_balance";
+ #upstream_dns_file = config.age.secrets.adguard-dns-list.path;
+ fallback_dns = [ "9.9.9.9" ];
+ };
+ clients = {
+ persistent = [
+ {
+ ids = [
+ "100.64.0.1"
+ "192.168.178.20"
+ ];
+ name = "brontes";
+ tags = [ "device_pc" ];
+ }
+ {
+ ids = [
+ "100.64.0.2"
+ "192.168.178.53"
+ ];
+ name = "oneplus9";
+ tags = [ "device_phone" ];
+ }
+ {
+ ids = [ "100.64.0.5" ];
+ name = "marr";
+ tags = [ "device_laptop" ];
+ }
+ {
+ ids = [ "100.64.0.4" ];
+ name = "shan";
+ tags = [ "device_pc" ];
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/dural/default.nix b/hosts/dural/default.nix
new file mode 100644
index 0000000..a699c61
--- /dev/null
+++ b/hosts/dural/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+ imports = [
+ ./adguard.nix
+ ./disko.nix
+ ];
+}
diff --git a/hosts/dural/disko.nix b/hosts/dural/disko.nix
new file mode 100644
index 0000000..2e74ad5
--- /dev/null
+++ b/hosts/dural/disko.nix
@@ -0,0 +1,19 @@
+{ lib, ... }:
+let
+ inherit (lib.my.disko) mkSwap mkBoot mkRoot;
+in
+{
+ disko.devices.disk.builtin = {
+ device = "/dev/sda";
+ type = "disk";
+ imageSize = "16G";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = mkBoot "1G";
+ swap = mkSwap "4G";
+ root = mkRoot "100%" "ext4";
+ };
+ };
+ };
+}
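Review bot: In hosts/dural/adguard.nix, `openFirewall = true` is not limited to the UDP rule it gates on the line above: as far as I know the NixOS adguardhome module also opens the web-UI port (TCP 3000 here) when it is set, which works against the loopback-only `http.address`. `settings` defines no `users`, so `auth_attempts` and `block_auth_min` have nothing to protect and the admin UI would have no login if it ever became reachable. I would drop `openFirewall` and pin the UI with `host = "127.0.0.1";`. Separately, `bind_hosts = [ "0.0.0.0" ]` with a global `allowedUDPPorts` entry answers queries on every interface, which is an open resolver if this host has a public address. Scope it per interface, e.g. `networking.firewall.interfaces."<client-iface>".allowedUDPPorts = [ 53 ];` (placeholder name), and add the matching `allowedTCPPorts`, since truncated answers are retried over TCP.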
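Review bot: In hosts/dural/disko.nix, `device = "/dev/sda"` depends on kernel enumeration order, and disko repartitions whichever disk holds that name at install time, so an attached USB stick or a second drive can be the one that gets wiped. A persistent path is safer: `device = "/dev/disk/by-id/<disk-id>";` (placeholder; take the real id from the target machine). Whether swap and root are encrypted is decided inside the `mkSwap`/`mkRoot` helpers from `lib.my.disko`, which this patch does not show. A one-line comment stating that would help, because AdGuard Home's query log (on by default, if I recall correctly) will live on this disk.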