This commit is contained in:
ashisgreat22 2026-03-18 21:26:19 +01:00
parent e82bbec626
commit ac36befbd7


@ -101,7 +101,7 @@ in
private_key_path = "/var/lib/acme/${cfg.domain}/key.pem"; private_key_path = "/var/lib/acme/${cfg.domain}/key.pem";
port_dns_over_tls = 853; port_dns_over_tls = 853;
port_dns_over_quic = 0; port_dns_over_quic = 0;
allow_unencrypted_doh = true; allow_unencrypted_doh = false;
}; };
filtering = { filtering = {
@ -156,32 +156,12 @@ in
}) cfg.clients }) cfg.clients
); );
# Nginx configuration for DoH endpoint # Nginx configuration (kept to satisfy ACME challenges for DoT certificates)
services.nginx.virtualHosts."${cfg.domain}" = { services.nginx.virtualHosts."${cfg.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
# Regex location to match /dns-query and /dns-query/{clientId} # Block all paths (no DoH or UI exposed via Nginx)
locations."~ ^/dns-query" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# DoH uses POST with application/dns-message
proxy_pass_request_body on;
proxy_set_header Content-Type "application/dns-message";
# Buffer settings for DNS queries
proxy_buffers 8 16k;
proxy_buffer_size 32k;
'';
};
# Block all other paths including admin UI
locations."/" = { locations."/" = {
return = "404"; return = "404";
}; };