feat(shan): add adguard as dns

2024-10-03 11:19:28 +02:00 · 2024-10-03 11:19:28 +02:00 · 96b0c38c14
commit 96b0c38c14
parent 1a0f31acc5
4 changed files with 67 additions and 0 deletions
--- a/hosts/shan/adguard.nix
+++ b/hosts/shan/adguard.nix
@ -0,0 +1,50 @@
 {
  config,
  ...
 }:
 {
  config = {
    services.adguardhome = {
      enable = true;
      port = 3001;
      openFirewall = true;
      settings = {
        http = {
          address = "0.0.0.0:3000";
        };
        auth_attempts = 5;
        block_auth_min = 10;
        dns = {
          bind_hosts = [ "0.0.0.0" ];
          port = 53;
          upstream_mode = "load_balance";
          upstream_dns_file = config.age.secrets.adguard-dns-list.path;
        };
        clients = {
          persistent = [
            {
              ids = [ "100.64.0.1" ];
              name = "brontes";
              tags = [ "device_pc" ];
            }
            {
              ids = [ "100.64.0.2" ];
              name = "oneplus9";
              tags = [ "device_phone" ];
            }
            {
              ids = [ "100.64.0.5" ];
              name = "marr";
              tags = [ "device_laptop" ];
            }
            {
              ids = [ "100.64.0.4" ];
              name = "shan";
              tags = [ "device_pc" ];
            }
          ];
        };
      };
    };
  };
 }
--- a/hosts/shan/configuration.nix
+++ b/hosts/shan/configuration.nix
@ -10,9 +10,14 @@
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
    ../../modules
    ./adguard.nix
  ];
  age.secrets.navidrome.file = ../../secrets/navidrome.age;
  age.secrets.adguard-dns-list = {
    file = ../../secrets/adguard-dns-list.age;
    mode = "444";
  };
  boot.loader.grub = {
    efiSupport = true;
--- a/secrets/adguard-dns-list.age
+++ b/secrets/adguard-dns-list.age
@ -0,0 +1,11 @@
 age-encryption.org/v1
 -> ssh-ed25519 biwZXw /NmraADUuvsyZdUeXQaNPZa/2t5Wzw/gxPZ5X07sWko
 4YIalbrY+bIw5KPYjdZQ+2Ee6lWU615UxAl7yUh0TLk
 -> ssh-ed25519 b3HlPA BaN7hgkrsptRcB6zrlQwPPvF4AQxbtEqULUlhLCqhiU
 ezUUXTYOTUL4yz1onviM5aIqKdMgmlHgzSFsTuULLpg
 -> ssh-ed25519 cdUqUg Ll/EQkQDMecJVo1Ww6XjsSWuO1+D4n3TQr4rFbf77FE
 0NirirvYChbpzL4DxPdab4VlmxqvQJP/M1qec9dITiU
 -> ssh-ed25519 a1hgwg tiyV9+UND5BfewirzPDtPqbhPa9/xxoBxzMBzFOZ5Ww
 Zg5HBOFjDv4scsKjYFVNI/WzXGNLrP4nCqDSrQGQZNk
 --- 9mLbkpSrNWKhQKbkAHE8JjjL+w8dhFfG6XJBdeaWR+8
 jì›öªWòÆYÈ“ƒ˜„ˆžN¿ø–…²‹ëiƒ¤ãW©!2‚Yt˜oK{rf7(ÑŠág}ÿX Îþ,ô<>‘8Ëy½íïÐˆ*a¢ò@üm}@o8L2/ñ¨f#–…?¡ÊÖepÿÎv2$%1WÛöýAcÞ>Éò<C389>	–!:7íÐüÊÏ<C38A>àú2¡sRÓ½YŒ7q78ÑÁ<C391>mêPl
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -14,4 +14,5 @@ in
  "couchdb.age".publicKeys = devices;
  "rustypaste.age".publicKeys = devices;
  "navidrome.age".publicKeys = devices;
  "adguard-dns-list.age".publicKeys = devices;
 }