nix-config/systems/aarch64-linux/pi5/adguard.nix

{ lib, namespace, ... }:
let
  net = lib.${namespace}.network;
in
{
  services.resolved.enable = lib.mkForce false;
  services.adguardhome = {
    enable = true;
    openFirewall = true;
    allowDHCP = true;
    mutableSettings = true;
    settings = {
      http.address = "0.0.0.0:0";
      users = [
        {
          name = "mjallen";
          password = "$2a$10$G07P7V1EnBQxWtMNGyfgTOTpAgr4d.uqYoG.cGSFCv9jQdiYWCsfq";
        }
      ];
      dns = {
        upstream_dns = [
          "https://dns10.quad9.net/dns-query"
          "1.1.1.1"
          "8.8.8.8"
        ];
        bootstrap_dns = [
          "9.9.9.10"
          "149.112.112.10"
          "2620:fe::10"
          "2620:fe::fe:10"
        ];
        upstream_mode = "load_balance";
        trusted_proxies = [
          "127.0.0.0/8"
          "::1/128"
          net.hosts.nas.lan
        ];
        cache_optimistic = true;
      };
      dhcp = {
        enabled = false;
        interface_name = "end0";
        local_domain_name = "lan";
        dhcpv4 = {
          gateway_ip = "10.0.1.1";
          subnet_mask = "255.255.255.0";
          range_start = "10.0.1.100";
          range_end = "10.0.1.254";
          lease_duration = 86400;
          icmp_timeout_msec = 1000;
        };
        dhcpv6 = {
          range_start = "2001::1";
          lease_duration = 86400;
          ra_slaac_only = false;
          ra_allow_slaac = false;
        };
      };
      filtering = {
        rewrites = [
          {
            domain = "actual.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "adguard.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "cache.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "chat.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "code.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "esphome.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "grafana.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "manyfold.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "orca.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "sabnzbd.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "sonarr.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "orca.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
          {
            domain = "tunarr.mjallen.dev";
            answer = "10.0.1.4";
            enabled = true;
          }
        ];
      };
    };
  };
}