# NixOS module: AdGuard Home as a filtering DNS resolver.
# The admin web UI is bound to loopback (127.0.0.1:12270) and the settings are
# declarative (mutableSettings = false), so changes are made here rather than
# through the web UI.
{ pkgs, lib, config, ... }:
let
  # Address returned for the self-hosted domains listed in `localDomains`.
  localIp = "10.10.10.10";

  # Plain (unencrypted) resolvers, used both as upstreams and for bootstrap.
  # NOTE(review): queries to these leave the host in clear text. AdGuard Home
  # also accepts tls:// and https:// upstreams if on-path visibility of
  # lookups is a concern.
  resolvers = [
    "94.140.14.14"
    "94.140.15.15"
    "1.1.1.1"
  ];

  # Names answered locally with `localIp` instead of being resolved upstream.
  localDomains = [
    "kylekrein.com"
    "*.kylekrein.com"
    "alexanderlebedev.com"
  ];

  # Remote blocklists. Everything here is fetched over HTTPS from third
  # parties; the hagezi lists track the moving `@latest` ref, so their content
  # changes without any change to this file.
  blocklists = [
    "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard DNS filter
    "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # Malware
    "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # Malicious URLs
    # https://github.com/hagezi/dns-blocklists
    "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt" # Pro blocking
    "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt"
    "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/fake.txt"
    "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt"
  ];

  # Build one enabled DNS rewrite entry pointing `domain` at `localIp`.
  mkRewrite = domain: {
    enabled = true;
    answer = localIp;
    inherit domain;
  };

  # Build one enabled filter-list entry for `url`.
  mkFilter = url: {
    enabled = true;
    inherit url;
  };
in
{
  services.adguardhome = {
    enable = true;
    # Web UI listens on loopback only.
    host = "127.0.0.1";
    port = 12270;
    mutableSettings = false;

    # https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration#configuration-file
    settings = {
      users = [
        # nix shell nixpkgs#mkpasswd --command mkpasswd --method=bcrypt
        #
        # NOTE(review): the `$2b$05$` prefix is bcrypt cost 5, which is cheap
        # to guess against offline. The hash is also a literal in this file,
        # so anyone who can read the file (or, presumably, the rendered
        # settings in the Nix store) can attempt that. Consider regenerating
        # with a higher cost (mkpasswd's --rounds option) and loading the
        # value from a secret store instead of committing it.
        {
          name = "kylekrein";
          password = "$2b$05$W03hndNglgdYbbmsgR8Oxe5HaDi.ZeW9AIJvyB9oA9Bn8qDgYKFSy";
        }
      ];

      dns = {
        # DNS listener is loopback-only (IPv4 and IPv6).
        bind_hosts = [
          "127.0.0.1"
          "::1"
        ];
        upstream_dns = resolvers;
        bootstrap_dns = resolvers;

        cache_enabled = true;
        cache_size = 1024 * 256;
        cache_ttl_min = 60;
        # Upper bound of one year, in seconds.
        cache_ttl_max = 60 * 60 * 24 * 365;
        cache_optimistic = true;
        cache_optimistic_answer_ttl = 180;
        cache_optimistic_max_age = 600;
      };

      filtering = {
        protection_enabled = true;
        filtering_enabled = true;
        parental_enabled = false;
        safe_search.enabled = false;
        rewrites = map mkRewrite localDomains;
      };

      # Statistics and the query log are both off, so no per-client lookup
      # history is kept. NOTE(review): that also means there is no DNS trail
      # to consult when investigating a suspected compromise.
      statistics = {
        enabled = false;
        interval = "8760h";
      };
      querylog.enabled = false;

      dhcp.enabled = false;

      filters = map mkFilter blocklists;
    };
  };

  # NOTE(review): port 53 is opened on every interface while `bind_hosts`
  # above is loopback-only. Confirm which service is expected to answer on 53
  # from the network; if none, these openings can be dropped, and if one does,
  # consider limiting them to the interface that needs it.
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };
}