{ pkgs, lib, config, ... }: let localIp = "192.168.178.129"; in { services.adguardhome = { enable = true; host = "127.0.0.1"; port = 12270; mutableSettings = false; # https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file settings = { users = [ # nix shell nixpkgs#mkpasswd --command mkpasswd --method=bcrypt { name = "kylekrein"; password = "$2b$05$W03hndNglgdYbbmsgR8Oxe5HaDi.ZeW9AIJvyB9oA9Bn8qDgYKFSy"; } ]; dns = { bind_hosts = [ "127.0.0.1" "::1" ]; upstream_dns = [ "94.140.14.14" "94.140.15.15" "1.1.1.1" ]; bootstrap_dns = [ "94.140.14.14" "94.140.15.15" "1.1.1.1" ]; }; filtering = { protection_enabled = true; filtering_enabled = true; parental_enabled = false; safe_search = {enabled = false;}; rewrites = map (url: { enabled = true; answer = localIp; domain = url; }) [ "kylekrein.com" "*.kylekrein.com" "alexanderlebedev.com" ]; }; statistics = { enabled = true; interval = "8760h"; }; filters = map (url: { enabled = true; url = url; }) [ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard DNS filter "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # Malware "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # Malicious URLs #https://github.com/hagezi/dns-blocklists "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt" # Pro blocking "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt" "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/fake.txt" "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt" ]; }; }; networking.firewall.allowedTCPPorts = [53]; networking.firewall.allowedUDPPorts = [53]; }