authorlunik1 <13547699+lunik1@users.noreply.github.com>2021-04-30 18:55:31 +0000
committerGitHub <noreply@github.com>2021-04-30 20:55:31 +0200
commit248a57d61a68fe08d9bbaa639ae3c6ea3a1bc57c (patch)
treea25ebdbf91126c3706d9e2d78f5582e6449d083d /nixos
parent8a3ef679253778c39dc2e487d8afe35a9fe7f8ee (diff)
nixos/adguardhome: init (#120568)
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/networking/adguardhome.nix78
2 files changed, 79 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index daa96e64f59..dd6fa483281 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -632,6 +632,7 @@
   ./services/network-filesystems/xtreemfs.nix
   ./services/network-filesystems/ceph.nix
   ./services/networking/3proxy.nix
+  ./services/networking/adguardhome.nix
   ./services/networking/amuled.nix
   ./services/networking/aria2.nix
   ./services/networking/asterisk.nix
diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix
new file mode 100644
index 00000000000..4388ef2b7e5
--- /dev/null
+++ b/nixos/modules/services/networking/adguardhome.nix
@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.adguardhome;
+
+  args = concatStringsSep " " ([
+    "--no-check-update"
+    "--pidfile /run/AdGuardHome/AdGuardHome.pid"
+    "--work-dir /var/lib/AdGuardHome/"
+    "--config /var/lib/AdGuardHome/AdGuardHome.yaml"
+    "--host ${cfg.host}"
+    "--port ${toString cfg.port}"
+  ] ++ cfg.extraArgs);
+
+in
+{
+  options.services.adguardhome = with types; {
+    enable = mkEnableOption "AdGuard Home network-wide ad blocker";
+
+    host = mkOption {
+      default = "0.0.0.0";
+      type = str;
+      description = ''
+        Host address to bind HTTP server to.
+      '';
+    };
+
+    port = mkOption {
+      default = 3000;
+      type = port;
+      description = ''
+        Port to serve HTTP pages on.
+      '';
+    };
+
+    openFirewall = mkOption {
+      default = false;
+      type = bool;
+      description = ''
+        Open ports in the firewall for the AdGuard Home web interface. Does not
+        open the port needed to access the DNS resolver.
+      '';
+    };
+
+    extraArgs = mkOption {
+      default = [ ];
+      type = listOf str;
+      description = ''
+        Extra command line parameters to be passed to the adguardhome binary.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.adguardhome = {
+      description = "AdGuard Home: Network-level blocker";
+      after = [ "syslog.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      unitConfig = {
+        StartLimitIntervalSec = 5;
+        StartLimitBurst = 10;
+      };
+      serviceConfig = {
+        DynamicUser = true;
+        ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+        Restart = "always";
+        RestartSec = 10;
+        RuntimeDirectory = "AdGuardHome";
+        StateDirectory = "AdGuardHome";
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
+  };
+}
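Review bot: The `host` option defaults to `"0.0.0.0"`, so enabling the service puts the admin web interface on every interface, and `openFirewall = false` only limits that where the NixOS firewall is actually enabled. As far as I know AdGuard Home serves its first-run setup page on this port before any credentials exist, so either default to `default = "127.0.0.1";` or have the description say it, e.g. `Host address to bind the admin web interface to. The default listens on all interfaces.` Separately, `args` joins `cfg.host` and `cfg.extraArgs` with plain spaces, so a value containing whitespace or quotes is re-split by systemd in `ExecStart`. Listing each flag and its value as separate elements and passing the list through `escapeShellArgs` would keep every element a single argument. The unit also grants `CAP_NET_BIND_SERVICE` as an ambient capability without bounding the set; `CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];` would be a cheap addition.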