{ config, lib, pkgs, ... }: { imports = [ ../traefik/adguardhome.nix ]; services.adguardhome = { enable = true; mutableSettings = false; settings = rec { http.address = "0.0.0.0:3001"; dns = { bind_hosts = [ "127.0.0.1" "192.168.1.230" ]; bootstrap_dns = [ "9.9.9.9" "149.112.112.10" ]; ratelimit = 0; safe_search.enabled = true; rewrites = [ { domain = "xenia.me.uk"; answer = "192.168.1.230"; } { domain = "*.xenia.me.uk"; answer = "A"; } ]; blocked_services.ids = [ "amazon" "facebook" "twitter" ]; }; filtering = { inherit (dns) safe_search rewrites blocked_services; }; querylog.ignored = [ "discovery.syncthing.net" "discovery-v6.syncthing.net" "matrix.tchncs.de" ]; statistics = { inherit (querylog) ignored; }; }; openFirewall = true; }; networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; }; }