feat: add filters and rewrites to adguardhome

2025-10-10 23:00:39 +02:00 · 2024-01-11 20:17:31 +01:00 · 2024-01-11 20:17:31 +01:00 · 8876f3076e
commit 8876f3076e
parent a44f73d3b0
5 changed files with 74 additions and 48 deletions
--- a/README.md
+++ b/README.md
@ -75,6 +75,7 @@ Server related stuff:

 If you are interested in parts of my configuration,
 you probably want to examine the contents of `users/`, `modules/` and `hosts/`.
+Also, a lot of interesting modules have been moved to [nixos-extra-modules](https://github.com/oddlama/nixos-extra-modules), a separate repository specifically for reusable stuff.
 The full structure of this flake is described in [STRUCTURE.md](./STRUCTURE.md),
 but here's a quick breakdown of the what you will find where.

--- a/flake.lock
+++ b/flake.lock
@ -331,10 +331,10 @@
    "devshell_3": {
      "inputs": {
        "nixpkgs": [
-          "extra-modules",
+          "nixos-extra-modules",
          "nixpkgs"
        ],
-        "systems": "systems_6"
+        "systems": "systems_7"
      },
      "locked": {
        "lastModified": 1701787589,
@ -394,32 +394,6 @@
        "type": "github"
      }
    },
-    "extra-modules": {
-      "inputs": {
-        "devshell": "devshell_3",
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "lib-net": "lib-net",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "pre-commit-hooks": "pre-commit-hooks_3"
-      },
-      "locked": {
-        "lastModified": 1704938286,
-        "narHash": "sha256-/uv+N2v5ixqYz7SG8R5GWOTdrNKboHEp85BR5Jdz6qE=",
-        "owner": "oddlama",
-        "repo": "nixos-extra-modules",
-        "rev": "c55f465ba1f369852ab4122a9fa42c85b4a571de",
-        "type": "github"
-      },
-      "original": {
-        "owner": "oddlama",
-        "repo": "nixos-extra-modules",
-        "type": "github"
-      }
-    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -630,7 +604,7 @@
    },
    "flake-utils_4": {
      "inputs": {
-        "systems": "systems_7"
+        "systems": "systems_6"
      },
      "locked": {
        "lastModified": 1701680307,
@ -743,7 +717,7 @@
    "gitignore_3": {
      "inputs": {
        "nixpkgs": [
-          "extra-modules",
+          "nixos-extra-modules",
          "pre-commit-hooks",
          "nixpkgs"
        ]
@ -994,6 +968,32 @@
        "type": "github"
      }
    },
+    "nixos-extra-modules": {
+      "inputs": {
+        "devshell": "devshell_3",
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "lib-net": "lib-net",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pre-commit-hooks": "pre-commit-hooks_3"
+      },
+      "locked": {
+        "lastModified": 1704938286,
+        "narHash": "sha256-/uv+N2v5ixqYz7SG8R5GWOTdrNKboHEp85BR5Jdz6qE=",
+        "owner": "oddlama",
+        "repo": "nixos-extra-modules",
+        "rev": "c55f465ba1f369852ab4122a9fa42c85b4a571de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oddlama",
+        "repo": "nixos-extra-modules",
+        "type": "github"
+      }
+    },
    "nixos-generators": {
      "inputs": {
        "nixlib": "nixlib",
@ -1271,12 +1271,12 @@
      "inputs": {
        "flake-compat": "flake-compat_4",
        "flake-utils": [
-          "extra-modules",
+          "nixos-extra-modules",
          "flake-utils"
        ],
        "gitignore": "gitignore_3",
        "nixpkgs": [
-          "extra-modules",
+          "nixos-extra-modules",
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable_3"
@ -1328,12 +1328,12 @@
        "devshell": "devshell_2",
        "disko": "disko",
        "elewrap": "elewrap",
-        "extra-modules": "extra-modules",
        "flake-utils": "flake-utils_4",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "microvm": "microvm",
        "nix-index-database": "nix-index-database",
+        "nixos-extra-modules": "nixos-extra-modules",
        "nixos-generators": "nixos-generators",
        "nixos-hardware": "nixos-hardware",
        "nixos-nftables-firewall": "nixos-nftables-firewall",
--- a/flake.nix
+++ b/flake.nix
@ -29,12 +29,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    extra-modules = {
-      url = "github:oddlama/nixos-extra-modules";
-      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.flake-utils.follows = "flake-utils";
-    };
-
    flake-utils.url = "github:numtide/flake-utils";

    home-manager = {
@ -44,11 +38,23 @@

    impermanence.url = "github:nix-community/impermanence";

+    microvm = {
+      url = "github:astro/microvm.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
+
    nix-index-database = {
      url = "github:Mic92/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };

+    nixos-extra-modules = {
+      url = "github:oddlama/nixos-extra-modules";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
+
    nixos-hardware.url = "github:NixOS/nixos-hardware";

    nixos-generators = {
@ -74,12 +80,6 @@
      inputs.pre-commit-hooks.follows = "pre-commit-hooks";
    };

-    microvm = {
-      url = "github:astro/microvm.nix";
-      inputs.nixpkgs.follows = "nixpkgs";
-      inputs.flake-utils.follows = "flake-utils";
-    };
-
    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
@ -104,7 +104,7 @@
    self,
    agenix-rekey,
    devshell,
-    extra-modules,
+    nixos-extra-modules,
    flake-utils,
    nixos-generators,
    nixpkgs,
@ -167,7 +167,7 @@
          import ./lib inputs
          ++ import ./pkgs/default.nix
          ++ [
-            extra-modules.overlays.default
+            nixos-extra-modules.overlays.default
            devshell.overlays.default
            agenix-rekey.overlays.default
          ];
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -77,6 +77,31 @@ in {
          "2001:4860:4860::8844"
        ];
        dhcp.enabled = false;
+        # Undo the /etc/hosts entry so we don't answer with the internal
+        # wireguard address for influxdb
+        rewrites = [
+          {
+            domain = sentinelCfg.networking.providedDomains.influxdb;
+            answer = sentinelCfg.repo.secrets.local.personalDomain;
+          }
+        ];
+        filters = [
+          {
+            name = "AdGuard DNS filter";
+            url = "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt";
+            enabled = true;
+          }
+          {
+            name = "AdaAway Default Blocklist";
+            url = "https://adaway.org/hosts.txt";
+            enabled = true;
+          }
+          {
+            name = "OISD (Big)";
+            url = "https://big.oisd.nl";
+            enabled = true;
+          }
+        ];
      };
    };
  };
--- a/modules/default.nix
+++ b/modules/default.nix
@ -5,7 +5,7 @@
    inputs.agenix.nixosModules.default
    inputs.disko.nixosModules.disko
    inputs.elewrap.nixosModules.default
-    inputs.extra-modules.nixosModules.default
+    inputs.nixos-extra-modules.nixosModules.default
    inputs.home-manager.nixosModules.default
    inputs.impermanence.nixosModules.impermanence
    inputs.nixos-nftables-firewall.nixosModules.default