refactor(adguard): migrate to native nixos service

Replace the Podman container and manual YAML templating with the native NixOS module for better system integration and simpler declarative configuration.
2026-03-18 20:56:30 +01:00 · 2026-03-18 20:56:30 +01:00 · 219391bc85
commit 219391bc85
parent 7a505055f8
1 changed files with 39 additions and 53 deletions
--- a/modules/adguard.nix
+++ b/modules/adguard.nix
@ -67,63 +67,49 @@ in
  };
  config = lib.mkIf cfg.enable {
-    # Ensure Podman is enabled
+    services.adguardhome = {
-    myModules.podman.enable = true;
+      enable = true;
-
+      host = "127.0.0.1";
-    # AdGuard Home Container
+      port = cfg.port;
-    virtualisation.oci-containers.containers."adguard" = {
+      settings = {
-      image = "docker.io/adguard/adguardhome:latest";
+        dns = {
-      ports = [ "127.0.0.1:${toString cfg.port}:3000/tcp" ];
+          upstream_dns = [ cfg.upstreamDoh ];
-      extraOptions = [
+          bootstrap_dns = cfg.bootstrapDns;
-        "--tmpfs=/tmp"
+          querylog_enabled = true;
-      ];
+          querylog_file_enabled = true;
-      volumes = [
+          statistics_enabled = true;
        "${config.sops.templates."adguardhome.yaml".path}:/opt/adguardhome/conf/AdGuardHome.yaml:ro"
        "adguard-data:/opt/adguardhome/work"
      ];
        };
-    # SOPS template for AdGuard configuration
+        filtering = {
-    sops.templates."adguardhome.yaml" = {
+          protection_enabled = true;
-      content = ''
+          filtering_enabled = true;
-        http:
+        };
          address: 0.0.0.0:3000
-        dns:
+        safebrowsing = {
-          upstream_dns:
+          enabled = false;
-            - ${cfg.upstreamDoh}
+        };
          bootstrap_dns:
            ${lib.concatStringsSep "\n            " (map (d: "- ${d}") cfg.bootstrapDns)}
          querylog_enabled: true
          querylog_file_enabled: true
          statistics_enabled: true
-        ${lib.optionalString (lib.length cfg.clients == 0) ''
+        parental = {
-          clients:
+          enabled = false;
-            persistent: []
+        };
        ''}
-        filtering:
+        safesearch = {
-          protection_enabled: true
+          enabled = false;
-          filtering_enabled: true
+        };
-        safebrowsing:
+        log = {
-          enabled: false
+          file = "";
-
+          max_backups = 0;
-        parental:
+          max_size = 100;
-          enabled: false
+          compress = false;
-
+          local_time = false;
-        safesearch:
+          verbose = false;
-          enabled: false
+        };
-
+      } // lib.optionalAttrs (lib.length cfg.clients == 0) {
-        log:
+        clients = {
-          file: ""
+          persistent = [ ];
-          max_backups: 0
+        };
-          max_size: 100
+      };
          compress: false
          local_time: false
          verbose: false
      '';
    };
    # Auto-declare SOPS secrets for each client