rp5: working adguardhome!

2024-11-25 22:25:05 +01:00 · 2024-11-25 22:25:05 +01:00 · 047d4f7dbd
parent 965aa569ff
commit 047d4f7dbd
2 changed files with 59 additions and 2 deletions
--- a/modules/home/apps/cli-apps/fish/default.nix
+++ b/modules/home/apps/cli-apps/fish/default.nix
@ -24,7 +24,6 @@ in
        shellInit = ''
          zoxide init fish | source
          direnv hook fish | source
-          source ~/.config/op/plugins.sh

          set -x LESS_TERMCAP_mb \e'[01;32m'
          set -x LESS_TERMCAP_md \e'[01;32m'
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@ -1,4 +1,5 @@
 {
+  config,
  inputs,
  lib,
  modulesPath,
@ -9,6 +10,8 @@
 with lib.${namespace};
 let
  inherit (lib) mkForce;
+
+  ipAddress = "192.168.178.2";
 in
 {
  imports = with inputs.nixos-hardware.nixosModules; [
@ -16,6 +19,7 @@ in
    raspberry-pi-5
  ];

+  security.sudo.wheelNeedsPassword = false;
  users.users.remotebuild = {
    isNormalUser = true;
    createHome = false;
@ -51,10 +55,11 @@ in
    interfaces.wlan0 = {
      ipv4.addresses = [
        {
-          address = "192.168.178.2";
+          address = ipAddress;
          prefixLength = 24;
        }
      ];
+      useDHCP = true;
    };
    defaultGateway = {
      address = "192.168.178.1";
@ -71,6 +76,59 @@ in
    };
  };

+  networking.firewall = {
+    allowedTCPPorts = [
+      53
+      80
+    ];
+    allowedUDPPorts = [
+      53
+    ];
+  };
+
+  services.adguardhome = {
+    enable = true;
+    host = ipAddress;
+    port = 80;
+
+    settings = {
+      http = {
+        address = "0.0.0.0:80";
+      };
+      dns = {
+        ratelimit = 0;
+        bind_hosts = [ "0.0.0.0" ];
+        upstream_dns = [
+          "1.1.1.1"
+          "1.0.0.1"
+          "8.8.8.8"
+          "8.8.4.4"
+        ];
+      };
+      filtering = {
+        protection_enabled = true;
+        filtering_enabled = true;
+      };
+
+      filters =
+        map
+          (url: {
+            enabled = true;
+            url = url;
+          })
+          [
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
+            "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
+          ];
+
+    };
+  };
+
  # Pi specific stuff  
  raspberry-pi-nix.board = "bcm2712";
  hardware = {