{ config, ... }: { services.adguardhome = { enable = true; mutableSettings = true; allowDHCP = true; host = "127.0.0.1"; port = 8001; settings = { users = [ { name = "admin"; password = "$2a$10$7FLDb/cr3SCtKiojXbFGnOjk6rWC0z9GMafV.YWMvewUcgua1eF/m"; } ]; dns = { ratelimit = 0; }; filtering = { rewrites = [ { domain = "dryb.org"; answer = "192.168.2.40"; } { domain = "speedport.ip"; answer = "192.168.2.1"; } { domain = "speedport.dryb.org"; answer = "192.168.2.1"; } { domain = "tplink.dryb.org"; answer = "192.168.2.30"; } { domain = "adguard.dryb.org"; answer = "192.168.2.40"; } { domain = config.services.gitea.settings.server.DOMAIN; answer = "192.168.2.40"; } { domain = config.services.nextcloud.hostName; answer = "192.168.2.40"; } { domain = "anki.dryb.org"; answer = "192.168.2.40"; } { domain = "paperless.dryb.org"; answer = "192.168.2.40"; } { domain = "jellyfin.dryb.org"; answer = "192.168.2.40"; } { domain = "momo.dryb.org"; answer = "188.245.216.128"; } { domain = "momo.dryb.org"; answer = "2a01:4f8:1c1e:8abc::1"; } { domain = "syncthing.dryb.org"; answer = "momo.dryb.org"; } { domain = "vaultwarden.dryb.org"; answer = "momo.dryb.org"; } ]; }; dhcp = { enabled = true; interface_name = "enp0s25"; local_domain_name = "dryb.org"; dhcpv4 = { gateway_ip = "192.168.2.1"; subnet_mask = "255.255.255.0"; range_start = "192.168.2.100"; range_end = "192.168.2.255"; lease_duration = 86400; icmp_timeout_msec = 1000; }; dhcpv6 = { range_start = "fdd2::1"; lease_duration = 86400; ra_slaac_only = true; ra_allow_slaac = true; }; }; }; }; networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 67 547 ]; }; }