From 6ecc9984630d32c6bf4506a4ded75e5045a4b4e7 Mon Sep 17 00:00:00 2001
From: Myned
Date: Thu, 6 Feb 2025 09:17:36 -0600
Subject: [PATCH] containers: add adguardhome
Signed-off-by: Myned
---
 options/custom/containers/adguardhome.nix | 56 +++++++++++++++++++++++
 profiles/server/default.nix | 1 +
 2 files changed, 57 insertions(+)
 create mode 100644 options/custom/containers/adguardhome.nix
diff --git a/options/custom/containers/adguardhome.nix b/options/custom/containers/adguardhome.nix
new file mode 100644
index 0000000..b7879a3
--- /dev/null
+++ b/options/custom/containers/adguardhome.nix
@@ -0,0 +1,56 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.custom.containers.adguardhome;
+in {
+ options = {
+ custom.containers.adguardhome.enable = mkOption {default = false;};
+ };
+
+ config = mkIf cfg.enable {
+ #?? arion-adguardhome pull
+ environment.shellAliases.arion-adguardhome = "sudo arion --prebuilt-file ${config.virtualisation.arion.projects.adguardhome.settings.out.dockerComposeYaml}";
+
+ virtualisation.arion.projects.adguardhome.settings.services = {
+ # https://github.com/AdguardTeam/AdGuardHome
+ # https://adguard-dns.io/kb/adguard-home/overview/
+ adguardhome.service = {
+ container_name = "adguardhome";
+ image = "adguard/adguardhome:v0.107.56";
+
+ ports = [
+ "53:53" # DNS
+ "853:853" # DNS-over-TLS
+ "3003:80" # Admin panel
+ "8443:443" # DNS-over-HTTPS
+ ];
+
+ restart = "unless-stopped";
+
+ volumes = [
+ "${config.custom.containers.directory}/adguardhome/config:/opt/adguardhome/conf"
+ "${config.custom.containers.directory}/adguardhome/data:/opt/adguardhome/data"
+ ];
+ };
+ };
+
+ # https://github.com/AdguardTeam/AdGuardHome/wiki/Encryption
+ networking.firewall = {
+ allowedTCPPorts = [
+ 853 # DNS-over-TLS
+ ];
+
+ allowedUDPPorts = [
+ 53 # DNS
+ ];
+ };
+
+ # https://adguard-dns.io/kb/adguard-home/faq/#bindinuse
+ services.resolved.extraConfig = ''
+ DNSStubListener=false
+ '';
+ };
+}
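Review bot: The `ports` list and the `networking.firewall` block in this module do not describe the same exposure. `"53:53"` publishes TCP only, because Compose port mappings default to tcp when no protocol is given, so the `allowedUDPPorts` entry for 53 has nothing listening behind it unless a `"53:53/udp"` mapping is added next to it. In the other direction, if the arion backend is Docker, published ports are DNATed ahead of the NixOS firewall's input rules, so `"3003:80"` (the plain-HTTP admin panel) and `"8443:443"` are probably reachable on every interface even though only 853/tcp is listed; binding the panel to loopback or the reverse-proxy address, e.g. `"127.0.0.1:3003:80"`, would make the intended reach explicit. If this host has a public address, 53/udp open to all sources also makes it an open resolver, so a comment stating which networks are expected to query it (or a source restriction) would help.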
diff --git a/profiles/server/default.nix b/profiles/server/default.nix
index dafdcc1..b172170 100644
--- a/profiles/server/default.nix
+++ b/profiles/server/default.nix
@@ -11,6 +11,7 @@
 enable = true;
 boot = true;
 actualbudget.enable = true;
+ adguardhome.enable = true;
 conduwuit.enable = true;
 coturn.enable = true;
 forgejo.enable = true;