From e9652aaaa60dd9a9094b17c1d6fe7e9f8fae7269 Mon Sep 17 00:00:00 2001
From: ashisgreat22
Date: Wed, 18 Mar 2026 21:27:41 +0100
Subject: [PATCH] Cleanup
---
 configuration.nix | 6 +-----
 modules/adguard.nix | 46 ++------------------------------------------
 2 files changed, 3 insertions(+), 49 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 210ba4e..525e76b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -87,14 +87,10 @@
 };
 };
 
- # === AdGuard Home (DoH) ===
+ # === AdGuard Home (DoT) ===
 myModules.adguard = {
 enable = true;
 domain = "dns.ashisgreat.xyz";
- clients = [
- { name = "phone"; idSecret = "adguard_client_phone"; }
- { name = "laptop"; idSecret = "adguard_client_laptop"; }
- ];
 };
 
 # === OpenClaw ===
diff --git a/modules/adguard.nix b/modules/adguard.nix
index e77f8f5..24b3a1a 100644
--- a/modules/adguard.nix
+++ b/modules/adguard.nix
@@ -47,38 +47,9 @@ in
 default = [ "194.242.2.2" "2a07:e340::2" ];
 description = "Bootstrap DNS servers for resolving DoH upstream";
 };
-
- clients = lib.mkOption {
- type = lib.types.listOf (lib.types.submodule {
- options = {
- name = lib.mkOption {
- type = lib.types.str;
- description = "Friendly name for client device";
- };
- idSecret = lib.mkOption {
- type = lib.types.str;
- description = "SOPS secret name containing the ClientID";
- };
- };
- });
- default = [ ];
- description = "List of clients with their ClientID secrets";
- };
 };
 
 config = lib.mkIf cfg.enable {
- # Provide an adguard clients partial config for injection
- sops.templates."adguard_clients.yaml" = {
- content = builtins.toJSON {
- clients = {
- persistent = map (client: {
- name = client.name;
- ids = [ config.sops.placeholder.${client.idSecret} ];
- }) cfg.clients;
- };
- };
- };
-
 services.adguardhome = {
 enable = true;
 host = "127.0.0.1";
@@ -132,30 +103,17 @@ in
 };
 };
 
- # Merge the clients configuration with the generated AdGuardHome.yaml before it starts
+ # Give AdGuardHome access to ACME certificates
 systemd.services.adguardhome = {
 requires = [ "acme-${cfg.domain}.service" ];
 after = [ "acme-${cfg.domain}.service" ];
- serviceConfig.SupplementaryGroups = [ "acme" "keys" ];
- serviceConfig.SystemCallFilter = lib.mkForce [];
- preStart = lib.mkAfter ''
- if [ -f /var/lib/private/AdGuardHome/AdGuardHome.yaml ]; then
- ${pkgs.yq-go}/bin/yq -i '.clients.persistent = load("${config.sops.templates."adguard_clients.yaml".path}").clients.persistent' /var/lib/private/AdGuardHome/AdGuardHome.yaml
- fi
- '';
+ serviceConfig.SupplementaryGroups = [ "acme" ];
 };
 
 # Open firewall for DoT
 networking.firewall.allowedTCPPorts = [ 853 ];
 networking.firewall.allowedUDPPorts = [ 853 ];
 
- # Auto-declare SOPS secrets for each client
- sops.secrets = lib.mkMerge (
- map (client: {
- ${client.idSecret} = { };
- }) cfg.clients
- );
-
 # Nginx configuration (kept to satisfy ACME challenges for DoT certificates)
 services.nginx.virtualHosts."${cfg.domain}" = {
 enableACME = true;
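Review bot: Port 853 stays open on both TCP and UDP under the comment `# Open firewall for DoT`, while this commit removes the per-client ClientID list, so nothing visible in the hunk limits who can query the resolver. DoT runs over TCP only and UDP 853 is DNS-over-QUIC, so if DoQ is not enabled in the AdGuard Home settings (not shown here) the `networking.firewall.allowedUDPPorts = [ 853 ];` line can be dropped; otherwise the comment should name both protocols, e.g. `# Open firewall for DoT (TCP) and DoQ (UDP)`. If queries were meant to be limited to known devices, that restriction (for example `allowed_clients` in the AdGuard Home DNS settings) has to be configured outside this hunk, which is worth confirming before deploying. Separately, the removed `preStart` edited `AdGuardHome.yaml` in place, so the previously injected `clients.persistent` entries with their ClientID values probably remain in the state file until it is regenerated or cleaned by hand.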