275 lines
9.3 KiB
Nix
275 lines
9.3 KiB
Nix
{ ... }:
|
|
let
|
|
portDefinitions = import ./_port-definitions.nix;
|
|
nginxLocalServiceConfig = import ./nginx-local-config.nix;
|
|
in {
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ portDefinitions.adguardhome-dns ];
|
|
allowedUDPPorts =
|
|
[ portDefinitions.adguardhome-dns portDefinitions.adguardhome-dhcp-udp ];
|
|
};
|
|
services = {
|
|
adguardhome = {
|
|
enable = true;
|
|
allowDHCP = true;
|
|
mutableSettings = true;
|
|
port = portDefinitions.adguardhome-http;
|
|
settings = {
|
|
http = {
|
|
address = "127.0.0.1:${toString portDefinitions.adguardhome-http}";
|
|
session_ttl = "720h";
|
|
};
|
|
dns = {
|
|
bind_hosts = [ "10.0.0.1" ];
|
|
port = portDefinitions.adguardhome-dns;
|
|
anonymize_client_ip = false;
|
|
ratelimit = 0;
|
|
upstream_dns = [ "https://dns10.quad9.net/dns-query" ];
|
|
bootstrap_dns =
|
|
[ "9.9.9.10" "149.112.112.10" "2620:fe::10" "2620:fe::fe:10" ];
|
|
};
|
|
dhcp = {
|
|
enabled = true;
|
|
interface_name = "enp5s0";
|
|
local_domain_name = "lan";
|
|
dhcpv4 = {
|
|
gateway_ip = "10.0.0.254";
|
|
subnet_mask = "255.255.255.0";
|
|
range_start = "10.0.0.10";
|
|
range_end = "10.0.0.199";
|
|
lease_duration = 86400;
|
|
icmp_timeout_msec = 1000;
|
|
};
|
|
};
|
|
filtering = {
|
|
safe_search.enabled = false;
|
|
filtering_enabled = true;
|
|
parental_enabled = false;
|
|
safebrowsing_enabled = false;
|
|
protection_enabled = true;
|
|
cache_time = 30;
|
|
filters_update_interval = 24;
|
|
rewrites = [
|
|
{
|
|
domain = "rcia.dev";
|
|
answer = "10.0.0.1";
|
|
}
|
|
{
|
|
domain = "*.rcia.dev";
|
|
answer = "10.0.0.1";
|
|
}
|
|
];
|
|
};
|
|
clients = {
|
|
runtime_sources = {
|
|
whois = true;
|
|
arp = true;
|
|
rdns = true;
|
|
dhcp = true;
|
|
hosts = true;
|
|
};
|
|
persistent = [
|
|
{
|
|
name = "Decodificador";
|
|
ids = [ "10.0.0.200" ];
|
|
tags = [ "device_tv" ];
|
|
upstreams = [ "172.26.23.3" ];
|
|
use_global_settings = true;
|
|
}
|
|
{
|
|
name = "Poco X3";
|
|
ids = [ "10.0.0.202" ];
|
|
tags = [ "device_phone" ];
|
|
use_global_settings = false;
|
|
filtering_enabled = false;
|
|
}
|
|
{
|
|
name = "Tablet Samsung";
|
|
ids = [ "10.0.0.201" ];
|
|
tags = [ "device_tablet" ];
|
|
use_global_settings = false;
|
|
filtering_enabled = false;
|
|
}
|
|
];
|
|
};
|
|
filters = [
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
|
|
name = "AdGuard DNS filter";
|
|
id = 1;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
|
|
name = "AdAway Default Blocklist";
|
|
id = 2;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_23.txt";
|
|
name = "WindowsSpyBlocker - Hosts spy rules";
|
|
id = 1687062393;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_6.txt";
|
|
name = "Dandelion Sprout's Game Console Adblock List";
|
|
id = 1687062394;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt";
|
|
name = "Phishing URL Blocklist (PhishTank and OpenPhish)";
|
|
id = 1687062395;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_7.txt";
|
|
name = "Perflyst and Dandelion Sprout's Smart-TV Blocklist";
|
|
id = 1687062396;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt";
|
|
name = "Dandelion Sprout's Anti-Malware List";
|
|
id = 1687062397;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt";
|
|
name = "Scam Blocklist by DurableNapkin";
|
|
id = 1687062398;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt";
|
|
name = "The Big List of Hacked Malware Web Sites";
|
|
id = 1687062399;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_33.txt";
|
|
name = "Steven Black's List";
|
|
id = 1687062400;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_4.txt";
|
|
name = "Dan Pollock's List";
|
|
id = 1687062401;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt";
|
|
name = "Malicious URL Blocklist (URLHaus)";
|
|
id = 1687062402;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt";
|
|
name = "Peter Lowe's Blocklist";
|
|
id = 1687062403;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_32.txt";
|
|
name = "The NoTracking blocklist";
|
|
id = 1687062404;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt";
|
|
name = "Stalkerware Indicators List";
|
|
id = 1694924469;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_44.txt";
|
|
name = "HaGeZi's Threat Intelligence Feeds";
|
|
id = 1694924470;
|
|
}
|
|
{
|
|
enabled = true;
|
|
url =
|
|
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_8.txt";
|
|
name = "NoCoin Filter List";
|
|
id = 1694924471;
|
|
}
|
|
];
|
|
user_rules = [
|
|
"||www.googleadservices.com^$important"
|
|
"||rdvs.alljoyn.org^$important"
|
|
"||safebrowsing.google.com^$client='10.0.0.28'"
|
|
"||fm.nvc.heil.nuancemobility.net^$client='10.0.0.230'"
|
|
"@@||npdl.cdn.nintendowifi.net^$important"
|
|
"||tse3.mm.bing.net^$important"
|
|
"@@||repo.webosbrew.org^$important"
|
|
"||es.lgeapi.com^$important"
|
|
"||discovery.meethue.com^$important"
|
|
"||eic.lgtviot.com^$important"
|
|
"||qs2-nevoai-iothub-02-prod.azure-devices.net^$important"
|
|
"||snu.lge.com^$important"
|
|
"||su.lge.com^$important"
|
|
"||su-ssl.lge.com^$important"
|
|
"||snu-dev.lge.com^$important"
|
|
"||su-dev.lge.com^$important"
|
|
"||nsu.lge.com^$important"
|
|
"||eic.commonpush.lgtviot.com^$important"
|
|
"||eic.sports.lgtviot.com^$important"
|
|
"||es.lgtvsdp.com^$important"
|
|
"||prod-ripcut-delivery.disney-plus.net^$client='TV'"
|
|
"||ngfts.lge.com^$important"
|
|
"||lgtvonline.lge.com^$important"
|
|
"||www.ueiwsp.com^$important"
|
|
"||temu.com^$important"
|
|
"||www.temu.com^$important"
|
|
"@@||unity3d.com^$client='10.0.0.7'"
|
|
"@@||config.ads.vungle.com^$client='10.0.0.7'"
|
|
"@@||rayjump.com^$client='10.0.0.7'"
|
|
"@@||vungle.com^$client='10.0.0.7'"
|
|
"@@||mtgglobals.com^$client='10.0.0.7'"
|
|
"@@||fundingchoicesmessages.google.com^$client='10.0.0.7'"
|
|
"@@||applovin.com^$client='10.0.0.7'"
|
|
"@@||rovio.com^$client='10.0.0.7'"
|
|
"@@||gov.aniview.com^$client='10.0.0.7'"
|
|
"@@||unity3d.com^$client='10.10.0.3'"
|
|
"@@||config.ads.vungle.com^$client='10.10.0.3'"
|
|
"@@||rayjump.com^$client='10.10.0.3'"
|
|
"@@||vungle.com^$client='10.10.0.3'"
|
|
"@@||mtgglobals.com^$client='10.10.0.3'"
|
|
"@@||fundingchoicesmessages.google.com^$client='10.10.0.3'"
|
|
"@@||googleads.g.doubleclick.net^$client='10.10.0.3'"
|
|
"@@||applovin.com^$client='10.10.0.3'"
|
|
"@@||rovio.com^$client='10.10.0.3'"
|
|
"@@||gov.aniview.com^$client='10.10.0.3'"
|
|
"@@||cdn.liftoff-creatives.io^$client='10.0.0.7'"
|
|
"||googleads.g.doubleclick.net^$client='Tablet'"
|
|
];
|
|
};
|
|
};
|
|
nginx.virtualHosts."dns.rcia.dev" = {
|
|
forceSSL = true;
|
|
locations."/".proxyPass =
|
|
"http://127.0.0.1:${toString portDefinitions.adguardhome-http}";
|
|
extraConfig = nginxLocalServiceConfig;
|
|
useACMEHost = "rcia.dev";
|
|
};
|
|
};
|
|
}
|