From 219391bc85f2a3c9af8bb69b8e7effdf3e9f5d5a Mon Sep 17 00:00:00 2001
From: ashisgreat22
Date: Wed, 18 Mar 2026 20:56:30 +0100
Subject: [PATCH] refactor(adguard): migrate to native nixos service

Replace the Podman container and manual YAML templating with the native NixOS module for better system integration and simpler declarative configuration.
---
 modules/adguard.nix | 92 +++++++++++++++++++--------------------------
 1 file changed, 39 insertions(+), 53 deletions(-)

diff --git a/modules/adguard.nix b/modules/adguard.nix
index 555e9dd..cc8e16c 100644
--- a/modules/adguard.nix
+++ b/modules/adguard.nix
@@ -67,63 +67,49 @@ in }; config = lib.mkIf cfg.enable { - # Ensure Podman is enabled - myModules.podman.enable = true; + services.adguardhome = { + enable = true; + host = "127.0.0.1"; + port = cfg.port; + settings = { + dns = { + upstream_dns = [ cfg.upstreamDoh ]; + bootstrap_dns = cfg.bootstrapDns; + querylog_enabled = true; + querylog_file_enabled = true; + statistics_enabled = true; + }; - # AdGuard Home Container - virtualisation.oci-containers.containers."adguard" = { - image = "docker.io/adguard/adguardhome:latest"; - ports = [ "127.0.0.1:${toString cfg.port}:3000/tcp" ]; - extraOptions = [ - "--tmpfs=/tmp" - ]; - volumes = [ - "${config.sops.templates."adguardhome.yaml".path}:/opt/adguardhome/conf/AdGuardHome.yaml:ro" - "adguard-data:/opt/adguardhome/work" - ]; - }; + filtering = { + protection_enabled = true; + filtering_enabled = true; + }; - # SOPS template for AdGuard configuration - sops.templates."adguardhome.yaml" = { - content = '' - http: - address: 0.0.0.0:3000 + safebrowsing = { + enabled = false; + }; - dns: - upstream_dns: - - ${cfg.upstreamDoh} - bootstrap_dns: - ${lib.concatStringsSep "\n " (map (d: "- ${d}") cfg.bootstrapDns)} - querylog_enabled: true - querylog_file_enabled: true - statistics_enabled: true + parental = { + enabled = false; + }; - ${lib.optionalString (lib.length cfg.clients == 0) '' - clients: - persistent: [] - ''} + safesearch = { + enabled = false; + }; - filtering: - protection_enabled: true - filtering_enabled: true - - safebrowsing: - enabled: false - - parental: - enabled: false - - safesearch: - enabled: false - - log: - file: "" - max_backups: 0 - max_size: 100 - compress: false - local_time: false - verbose: false - ''; + log = { + file = ""; + max_backups = 0; + max_size = 100; + compress = false; + local_time = false; + verbose = false; + }; + } // lib.optionalAttrs (lib.length cfg.clients == 0) { + clients = { + persistent = [ ]; + }; + }; }; # Auto-declare SOPS secrets for each client 
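Review bot: The new `settings.dns` block sets no listen address, so the DNS listener falls back to AdGuard Home's default bind, and it now sits on the host's network stack instead of inside the container, where only `3000/tcp` was published on 127.0.0.1. If plain DNS is not meant to be reachable from other interfaces, pin it next to `upstream_dns`, e.g. `bind_hosts = [ "127.0.0.1" ];`, and confirm the firewall rules for port 53. Separately, the removed volume mounted the config `:ro`, whereas the native module, as far as I know, leaves settings editable from the web UI unless `mutableSettings = false;` is set, so consider adding it to keep the configuration declarative. The `config` block starts before and continues past this hunk, so the client handling that follows could not be checked against the removal of `sops.templates."adguardhome.yaml"`.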
@@ -167,4 +153,4 @@ in
 # Ensure nginx user can access ACME certs
 users.users.nginx.extraGroups = [ "acme" ];
 };
-}
+}
\ No newline at end of file