add ad guard home to h003

2025-08-07 11:40:49 -05:00 · 2025-08-07 11:40:49 -05:00 · 2894e4050c
commit 2894e4050c
parent e8679aa177
5 changed files with 77 additions and 14 deletions
--- a/hosts/h003/flake.nix
+++ b/hosts/h003/flake.nix
@ -29,7 +29,7 @@
              ros_neovim.nixosModules.default
              ./configuration.nix
              ./hardware-configuration.nix
-              ./networking.nix
+              ./mods
              (
                { config, pkgs, ... }:
                {
--- a/hosts/h003/mods/adguardhome.nix
+++ b/hosts/h003/mods/adguardhome.nix
@ -0,0 +1,50 @@
+{
+  ...
+}:
+{
+  config = {
+    services.adguardhome = {
+      enable = true;
+      allowDHCP = true;
+      openFirewall = false;
+    };
+
+    networking.firewall.interfaces.vlan20.allowedTCPPorts = [
+      53 # DNS
+      68 # DHCP
+      5543 # DNSCrypt
+      3000 # Initial installation
+      80 # admin panel
+      443 # admin panel
+      853 # DNS over tls
+      # 6060 # Debugging profile
+    ];
+    networking.firewall.interfaces.vlan20.allowedUDPPorts = [
+      53 # DNS
+      # 67 # DHCP
+      # 68 # DHCP
+      443 # Admin panel/https dns over https
+      853 # DNS over quic
+      5443 # DNSCrypt
+    ];
+
+    networking.firewall.interfaces.vlan30.allowedTCPPorts = [
+      53 # DNS
+      68 # DHCP
+      5543 # DNSCrypt
+      3000 # Initial installation
+      80 # admin panel
+      443 # admin panel
+      853 # DNS over tls
+      # 6060 # Debugging profile
+    ];
+    networking.firewall.interfaces.vlan30.allowedUDPPorts = [
+      53 # DNS
+      # 67 # DHCP
+      # 68 # DHCP
+      443 # Admin panel/https dns over https
+      853 # DNS over quic
+      5443 # DNSCrypt
+    ];
+  };
+}
--- a/hosts/h003/mods/default.nix
+++ b/hosts/h003/mods/default.nix
@ -0,0 +1,9 @@
+{
+  ...
+}:
+{
+  imports = [
+    ./networking.nix
+    ./adguardhome.nix
+  ];
+}
--- a/hosts/h003/mods/networking.nix
+++ b/hosts/h003/mods/networking.nix
@ -179,6 +179,7 @@
        "vlan30"
      ];
      bind-interfaces = true;
+      port = 0; # DISABLE DNS we are using ad guard for that

      # DHCP range and settings
      dhcp-range = [
@ -192,7 +193,8 @@
      dhcp-option = [
        "tag:mng,option:router,10.12.16.1"
        "tag:lan,option:router,10.12.14.1"
-        # "option:dns-server,10.12.14.1,1.1.1.1,8.8.8.8"
+        "tag:mng,option:dns-server,10.12.16.1"
+        "tag:lan,option:dns-server,10.12.14.1"
      ];

      # Static DHCP reservations