refactor(adguard): migrate to native nixos service

Replace the Podman container and manual YAML templating with the native NixOS module for better system integration and simpler declarative configuration.
2026-03-18 20:56:30 +01:00 · 2026-03-18 20:56:30 +01:00 · 219391bc85
commit 219391bc85
parent 7a505055f8
1 changed files with 39 additions and 53 deletions
--- a/modules/adguard.nix
+++ b/modules/adguard.nix
@ -67,63 +67,49 @@ in
  };

  config = lib.mkIf cfg.enable {
-    # Ensure Podman is enabled
-    myModules.podman.enable = true;
+    services.adguardhome = {
+      enable = true;
+      host = "127.0.0.1";
+      port = cfg.port;
+      settings = {
+        dns = {
+          upstream_dns = [ cfg.upstreamDoh ];
+          bootstrap_dns = cfg.bootstrapDns;
+          querylog_enabled = true;
+          querylog_file_enabled = true;
+          statistics_enabled = true;
+        };

-    # AdGuard Home Container
-    virtualisation.oci-containers.containers."adguard" = {
-      image = "docker.io/adguard/adguardhome:latest";
-      ports = [ "127.0.0.1:${toString cfg.port}:3000/tcp" ];
-      extraOptions = [
-        "--tmpfs=/tmp"
-      ];
-      volumes = [
-        "${config.sops.templates."adguardhome.yaml".path}:/opt/adguardhome/conf/AdGuardHome.yaml:ro"
-        "adguard-data:/opt/adguardhome/work"
-      ];
-    };
+        filtering = {
+          protection_enabled = true;
+          filtering_enabled = true;
+        };

-    # SOPS template for AdGuard configuration
-    sops.templates."adguardhome.yaml" = {
-      content = ''
-        http:
-          address: 0.0.0.0:3000
+        safebrowsing = {
+          enabled = false;
+        };

-        dns:
-          upstream_dns:
-            - ${cfg.upstreamDoh}
-          bootstrap_dns:
-            ${lib.concatStringsSep "\n            " (map (d: "- ${d}") cfg.bootstrapDns)}
-          querylog_enabled: true
-          querylog_file_enabled: true
-          statistics_enabled: true
+        parental = {
+          enabled = false;
+        };

-        ${lib.optionalString (lib.length cfg.clients == 0) ''
-          clients:
-            persistent: []
-        ''}
+        safesearch = {
+          enabled = false;
+        };

-        filtering:
-          protection_enabled: true
-          filtering_enabled: true
-
-        safebrowsing:
-          enabled: false
-
-        parental:
-          enabled: false
-
-        safesearch:
-          enabled: false
-
-        log:
-          file: ""
-          max_backups: 0
-          max_size: 100
-          compress: false
-          local_time: false
-          verbose: false
-      '';
+        log = {
+          file = "";
+          max_backups = 0;
+          max_size = 100;
+          compress = false;
+          local_time = false;
+          verbose = false;
+        };
+      } // lib.optionalAttrs (lib.length cfg.clients == 0) {
+        clients = {
+          persistent = [ ];
+        };
+      };
    };

    # Auto-declare SOPS secrets for each client