forked from mirrors_public/oddlama_nix-config
fix: adguardhome config organization changed, also redirect some internal services to the new internal proxy
parent
3d12add14d
commit
34fd783e60
1 changed files with 41 additions and 38 deletions
|
@ -51,42 +51,45 @@ in {
|
||||||
topology.self.services.adguardhome.info = "https://" + adguardhomeDomain;
|
topology.self.services.adguardhome.info = "https://" + adguardhomeDomain;
|
||||||
services.adguardhome = {
|
services.adguardhome = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# TODO allow mutable settings, replace 123.123.123.123 with
|
|
||||||
# simpler sed dns.host_addr logic.
|
|
||||||
mutableSettings = false;
|
mutableSettings = false;
|
||||||
settings = {
|
settings = {
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
port = 3000;
|
port = 3000;
|
||||||
dns = {
|
dns = {
|
||||||
bind_hosts = [
|
|
||||||
# This dummy address passes the configuration check and will
|
|
||||||
# later be replaced by the actual interface address.
|
|
||||||
"123.123.123.123"
|
|
||||||
];
|
|
||||||
# allowed_clients = [
|
# allowed_clients = [
|
||||||
# ];
|
# ];
|
||||||
#trusted_proxied = [];
|
#trusted_proxies = [];
|
||||||
ratelimit = 60;
|
ratelimit = 60;
|
||||||
upstream_dns = [
|
upstream_dns = [
|
||||||
"1.1.1.1"
|
"1.1.1.1"
|
||||||
"2606:4700:4700::1111"
|
# FIXME: enable ipv6 "2606:4700:4700::1111"
|
||||||
"8.8.8.8"
|
"8.8.8.8"
|
||||||
"2001:4860:4860::8844"
|
# FIXME: enable ipv6 "2001:4860:4860::8844"
|
||||||
];
|
];
|
||||||
bootstrap_dns = [
|
bootstrap_dns = [
|
||||||
"1.1.1.1"
|
"1.1.1.1"
|
||||||
"2606:4700:4700::1111"
|
# FIXME: enable ipv6 "2606:4700:4700::1111"
|
||||||
"8.8.8.8"
|
"8.8.8.8"
|
||||||
"2001:4860:4860::8844"
|
# FIXME: enable ipv6 "2001:4860:4860::8844"
|
||||||
];
|
];
|
||||||
dhcp.enabled = false;
|
dhcp.enabled = false;
|
||||||
|
};
|
||||||
|
filtering.rewrites = [
|
||||||
# Undo the /etc/hosts entry so we don't answer with the internal
|
# Undo the /etc/hosts entry so we don't answer with the internal
|
||||||
# wireguard address for influxdb
|
# wireguard address for influxdb
|
||||||
rewrites = [
|
|
||||||
{
|
{
|
||||||
domain = nodes.sentinel.config.networking.providedDomains.influxdb;
|
domain = nodes.sentinel.config.networking.providedDomains.influxdb;
|
||||||
answer = config.repo.secrets.global.domains.me;
|
answer = config.repo.secrets.global.domains.me;
|
||||||
}
|
}
|
||||||
|
# Use the local mirror-proxy for some services (not necessary, just for speed)
|
||||||
|
{
|
||||||
|
domain = nodes.sentinel.config.networking.providedDomains.grafana;
|
||||||
|
answer = "192.168.1.1";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
domain = nodes.sentinel.config.networking.providedDomains.immich;
|
||||||
|
answer = "192.168.1.1";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
filters = [
|
filters = [
|
||||||
{
|
{
|
||||||
|
@ -107,12 +110,12 @@ in {
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.adguardhome = {
|
systemd.services.adguardhome = {
|
||||||
preStart = lib.mkAfter ''
|
preStart = lib.mkAfter ''
|
||||||
INTERFACE_ADDR=$(${pkgs.iproute2}/bin/ip -family inet -brief addr show lan | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+")
|
INTERFACE_ADDR=$(${pkgs.iproute2}/bin/ip -family inet -brief addr show lan | grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+") \
|
||||||
sed -i -e "s/123.123.123.123/$INTERFACE_ADDR/" "$STATE_DIRECTORY/AdGuardHome.yaml"
|
${lib.getExe pkgs.yq-go} -i '.dns.bind_hosts = [strenv(INTERFACE_ADDR)]' \
|
||||||
|
"$STATE_DIRECTORY/AdGuardHome.yaml"
|
||||||
'';
|
'';
|
||||||
serviceConfig.RestartSec = lib.mkForce "60"; # Retry every minute
|
serviceConfig.RestartSec = lib.mkForce "60"; # Retry every minute
|
||||||
};
|
};
|
||||||
|
|
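Review bot: The new `preStart` never checks that `INTERFACE_ADDR` is non-empty before yq writes it into `.dns.bind_hosts`, and since the declarative `bind_hosts` placeholder was dropped from `settings.dns`, this step is now the only visible place the DNS listen address is set. If `lan` has no IPv4 address yet, the pipeline yields an empty string (or several lines if it has more than one address); because the assignment is only a prefix to the yq command, the failing `grep` status is discarded and yq would presumably still write that value. I would make the first line a standalone `export INTERFACE_ADDR=$(...)` (same pipeline, without the trailing `\`) and add `[ -n "$INTERFACE_ADDR" ] || exit 1` before the yq call, so the unit fails closed and the 60-second restart retries. With `allowed_clients` still commented out, the bind address is the only restriction on who can query the resolver that this section shows, which is why a silent fallback here matters. If the prefix form is kept, it deserves a comment that the trailing `\` is what makes the variable reach `strenv()`.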