ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add ad guard home to h003

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-08-07 11:40:49 -05:00
parent e8679aa177
commit 2894e4050c
5 changed files with 77 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

26
hosts/h001/mods/adguardhome.nix
View file

@ -10,20 +10,22 @@
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
53 53 # DNS
67 68 # DHCP
68 5543 # DNSCrypt
5543 # 3000 # Initial installation
3000 80 # admin panel
443 # admin panel
853 # DNS over tls
# 6060 # Debugging profile
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
53 53 # DNS
67 # 67 # DHCP
68 # 68 # DHCP
784 443 # Admin panel/https dns over https
853 853 # DNS over quic
8853 5443 # DNSCrypt
5443
]; ];
}; };
} }

2
hosts/h003/flake.nix
View file

@ -29,7 +29,7 @@
ros_neovim.nixosModules.default ros_neovim.nixosModules.default
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix ./mods
( (
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {

50
hosts/h003/mods/adguardhome.nix Normal file
View file

@ -0,0 +1,50 @@
{
...
}:
{
config = {
services.adguardhome = {
enable = true;
allowDHCP = true;
openFirewall = false;
};
networking.firewall.interfaces.vlan20.allowedTCPPorts = [
53 # DNS
68 # DHCP
5543 # DNSCrypt
3000 # Initial installation
80 # admin panel
443 # admin panel
853 # DNS over tls
# 6060 # Debugging profile
];
networking.firewall.interfaces.vlan20.allowedUDPPorts = [
53 # DNS
# 67 # DHCP
# 68 # DHCP
443 # Admin panel/https dns over https
853 # DNS over quic
5443 # DNSCrypt
];
networking.firewall.interfaces.vlan30.allowedTCPPorts = [
53 # DNS
68 # DHCP
5543 # DNSCrypt
3000 # Initial installation
80 # admin panel
443 # admin panel
853 # DNS over tls
# 6060 # Debugging profile
];
networking.firewall.interfaces.vlan30.allowedUDPPorts = [
53 # DNS
# 67 # DHCP
# 68 # DHCP
443 # Admin panel/https dns over https
853 # DNS over quic
5443 # DNSCrypt
];
};
}

9
hosts/h003/mods/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
...
}:
{
imports = [
./networking.nix
./adguardhome.nix
];
}

4
hosts/h003/networking.nix → hosts/h003/mods/networking.nix
View file

@ -179,6 +179,7 @@
"vlan30" "vlan30"
]; ];
bind-interfaces = true; bind-interfaces = true;
port = 0; # DISABLE DNS we are using ad guard for that
# DHCP range and settings # DHCP range and settings
dhcp-range = [ dhcp-range = [
@ -192,7 +193,8 @@
dhcp-option = [ dhcp-option = [
"tag:mng,option:router,10.12.16.1" "tag:mng,option:router,10.12.16.1"
"tag:lan,option:router,10.12.14.1" "tag:lan,option:router,10.12.14.1"
# "option:dns-server,10.12.14.1,1.1.1.1,8.8.8.8" "tag:mng,option:dns-server,10.12.16.1"
"tag:lan,option:dns-server,10.12.14.1"
]; ];
# Static DHCP reservations # Static DHCP reservations