From 70228cc485df4b41c819ee590acc5dd99e8627b9 Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Sat, 11 Feb 2023 22:12:55 +0100
Subject: [PATCH] adguard
---
 home/features/desktop/default.nix | 2 +-
 hosts/lkk-nix-1/default.nix | 4 ++--
 hosts/lkk-nix-1/services/adguard.nix | 7 +++++++
 hosts/lkk-nix-1/services/containers/wireguard.nix | 2 +-
 hosts/lkk-nix-1/services/default.nix | 1 +
 hosts/lkk-nix-1/services/traefik.nix | 11 +++++++++++
 6 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 hosts/lkk-nix-1/services/adguard.nix
diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix
index c4c6686..ae40724 100644
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@@ -30,8 +30,8 @@
 home.packages = with pkgs; [
 alacritty
 autotiling
- brave
 blueberry
+ brave
 brightnessctl
 feh
 flameshot
diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix
index a8dec23..a5cfdfa 100644
--- a/hosts/lkk-nix-1/default.nix
+++ b/hosts/lkk-nix-1/default.nix
@@ -19,8 +19,8 @@
 from = 3000;
 to = 3100;
 }];
- firewall.allowedTCPPorts = [ 80 443 5432 3306 3478 ];
- firewall.allowedUDPPorts = [ 51820 ];
+ firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
+ firewall.allowedUDPPorts = [ 53 51820 ];
 firewall.allowedUDPPortRanges = [{
 from = 3478;
 to = 3481;
diff --git a/hosts/lkk-nix-1/services/adguard.nix b/hosts/lkk-nix-1/services/adguard.nix
new file mode 100644
index 0000000..91cd649
--- /dev/null
+++ b/hosts/lkk-nix-1/services/adguard.nix
@@ -0,0 +1,7 @@
+{
+ services.adguardhome = {
+ enable = true;
+ mutableSettings = true;
+ settings.bind_port = 3008;
+ };
+}
diff --git a/hosts/lkk-nix-1/services/containers/wireguard.nix b/hosts/lkk-nix-1/services/containers/wireguard.nix
index e82cd91..21850da 100644
--- a/hosts/lkk-nix-1/services/containers/wireguard.nix
+++ b/hosts/lkk-nix-1/services/containers/wireguard.nix
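Review bot: Adding 53 to the global `firewall.allowedTCPPorts` and `firewall.allowedUDPPorts` in hosts/lkk-nix-1/default.nix opens the new AdGuard Home resolver on every interface; on an internet-facing host that makes it an open resolver, answerable to anyone and usable as a DNS amplification reflector. If DNS is only meant for the WireGuard clients (the same commit points them at `10.88.0.1`), scope the rule to the interface that carries that address, e.g. `firewall.interfaces."<bridge-interface>".allowedUDPPorts = [ 53 ];` plus the matching `allowedTCPPorts` entry, where `<bridge-interface>` is a placeholder for the real interface name. If public DNS is intended, AdGuard Home's `dns.allowed_clients` and `dns.ratelimit` settings are the place to bound it. The enclosing attribute set starts and ends outside the hunk.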
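Review bot: hosts/lkk-nix-1/services/adguard.nix sets only `settings.bind_port = 3008`, so the web UI's listen address is left at the module default, which I believe is all interfaces for this module version (worth confirming). The context lines in hosts/lkk-nix-1/default.nix show a range `from = 3000; to = 3100;` that looks like an allowed TCP port range; if it is, the admin UI is reachable directly over plain HTTP on port 3008, bypassing the TLS and `auth` middleware that the new traefik router in this commit puts in front of it. Add `settings.bind_host = "127.0.0.1";` so only the local reverse proxy can reach it. Since `mutableSettings = true` lets changes made in the UI persist across restarts, a comment naming which settings are meant to be managed from the UI rather than from Nix would also help.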
@@ -1,7 +1,7 @@
 { config, outputs, ... }: {
 virtualisation.oci-containers.containers."wireguard" = {
 image = "weejewel/wg-easy";
- environment = { WG_HOST = "wg.lanakk.com"; };
+ environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1"; };
 ports = [ "3007:51821/tcp" "51820:51820/udp" ];
 volumes = [ "wireguard_data:/etc/wireguard" ];
 extraOptions = [
diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix
index ca3a8ef..a075c1a 100644
--- a/hosts/lkk-nix-1/services/default.nix
+++ b/hosts/lkk-nix-1/services/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
+ ./adguard.nix
 ./container.nix
 ./gitea.nix
 ./invidious.nix
diff --git a/hosts/lkk-nix-1/services/traefik.nix b/hosts/lkk-nix-1/services/traefik.nix
index 2d6cdc0..2fc815d 100644
--- a/hosts/lkk-nix-1/services/traefik.nix
+++ b/hosts/lkk-nix-1/services/traefik.nix
@@ -50,6 +50,7 @@
 nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }];
 invidious.loadBalancer.servers = [{ url = "http://localhost:3006/"; }];
 wireguard.loadBalancer.servers = [{ url = "http://localhost:3007/"; }];
+ adguard.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
 };
 routers = {
 api = {
@@ -139,6 +140,16 @@
 middlewares = "auth";
 entrypoints = "websecure";
 };
+ adguard = {
+ rule = "Host(`ab.lanakk.com`)";
+ tls = {
+ certResolver = "godaddy";
+ domains = "ab.lanakk.com";
+ };
+ service = "adguard";
+ middlewares = "auth";
+ entrypoints = "websecure";
+ };
 };
 };
 };
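Review bot: `WG_DEFAULT_DNS = "10.88.0.1"` in hosts/lkk-nix-1/services/containers/wireguard.nix is an unexplained literal; it looks like the host's address on the container runtime's default bridge, but nothing in the file says so. If that subnet or the network backend changes, VPN clients would be handed a resolver address that no longer answers. Add a comment such as `# 10.88.0.1 = host side of the container bridge; AdGuard Home (services/adguard.nix) answers DNS there`, or bind the address to a shared `let` name so the firewall rule and this value stay in step. The container attribute set continues outside the hunk.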
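Review bot: In the new `adguard` router in hosts/lkk-nix-1/services/traefik.nix, `domains = "ab.lanakk.com";` is a bare string, whereas Traefik documents a router's `tls.domains` as a list of entries with `main` and optional `sans`. The other routers in this file may use the same form (they are outside the hunk), so this may be consistent with them. It is still worth confirming that Traefik reads the value rather than silently falling back to the name in the `Host` rule; the list form would be `domains = [{ main = "ab.lanakk.com"; }];`. The `routers` set starts and ends outside the hunk.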