nixos/services/adguardhome/default.nix

{ config, lib, pkgs, ... }:

{
  imports = [ ../traefik/adguardhome.nix ];
  services.adguardhome = {
    enable = true;
    mutableSettings = false;
    settings = rec {
      http.address = "0.0.0.0:3001";
      dns = {
        bind_hosts = [ "127.0.0.1" "192.168.1.230" ];
        bootstrap_dns = [ "9.9.9.9" "149.112.112.10" ];
        ratelimit = 0;
        safe_search.enabled = true;
      };
      filtering = {
        inherit (dns) safe_search;
        rewrites = [
          {
            domain = "xenia.me.uk";
            answer = "192.168.1.230";
          }
          {
            domain = "*.xenia.me.uk";
            answer = "A";
          }
        ];
      };
      querylog.ignored = [
        "discovery.syncthing.net"
        "discovery-v6.syncthing.net"
        "matrix.tchncs.de"
      ];
      statistics = { inherit (querylog) ignored; };
    };
    openFirewall = true;
  };
  networking.firewall = {
    allowedTCPPorts = [ 53 ];
    allowedUDPPorts = [ 53 ];
  };
}