首頁 探索 說明
登入
badbayan
/
nix-config
關註 1
讚好 0
複刻 0
Files
分支: master
分支列表 標籤列表
nix-config
/
nixos
/
services
/
adguardhome.nix

adguardhome.nix 1.0 KB
永久連結 文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344 
  1. { config, lib, ... }:
    2. 

  2. with lib;
    3. 

  3. let
    4. 

  4.   cfg = config.roles.server.adguardhome;
    5. 

  5. in {
    6. 

  6.   options.roles.server.adguardhome = {
    7. 

  7.     enable = mkOption {
    8. 

  8.       default = false;
    9. 

  9.       type = types.bool;
    10. 

  10.     };
    11. 

  11.     domain = mkOption {
    12. 

  12.       default = config.roles.server.domain;
    13. 

  13.       type = types.str;
    14. 

  14.     };
    15. 

  15.   };
    16. 

  16. 

  17.   config = mkIf cfg.enable {
    18. 

  18.     roles.server.nginx.enable = mkForce true;
    19. 

  19. 

  20.     systemd.services.adguardhome.serviceConfig.SupplementaryGroups = [ "acme" ];
    21. 

  21. 

  22.     networking.firewall = {
    23. 

  23.       allowedTCPPorts = [ 853 ];
    24. 

  24.       allowedUDPPorts = [ 53 ];
    25. 

  25.     };
    26. 

  26. 

  27.     services = {
    28. 

  28.       adguardhome.enable = true;
    29. 

  29. 

  30.       nginx = {
    31. 

  31.         upstreams.adguardhome.servers = { "127.0.0.1:${toString config.services.adguardhome.port}" = {}; };
    32. 

  32.         virtualHosts."dns.${cfg.domain}" = {
    33. 

  33.           forceSSL = true;
    34. 

  34.           useACMEHost = cfg.domain;
    35. 

  35.           locations = {
    36. 

  36.             "/".proxyPass = "http://adguardhome";
    37. 

  37.             "/dns-query".proxyPass = "https://127.0.0.1:7443";
    38. 

  38.           };
    39. 

  39.         };
    40. 

  40.       };
    41. 

  41.     };
    42. 

  42.   };
    43. 

  43. }
    44. 

  44.