{ config, ... }: let cfg = config.services.adguardhome; in { services.adguardhome = { enable = true; settings = { host = "0.0.0.0"; openFirewall = true; users = [ ]; dns.cache_enabled = true; dns.upstream_mode = "parallel"; dns.upstream_dns = [ "tls://security.cloudflare-dns.com" "tls://one.one.one.one" "tls://dns.google" "tls://dns.quad9.net" "tls://dns.digitale-gesellschaft.ch" "tls://child-noads.joindns4.eu" ]; filters = [ { url = "https://github.com/AdguardTeam/FiltersRegistry/raw/refs/heads/master/filters/filter_2_Base/filter.txt"; name = "AdGuard Base"; enabled = true; } { url = "https://github.com/AdguardTeam/FiltersRegistry/raw/refs/heads/master/filters/filter_3_Spyware/filter.txt"; name = "AdGuard Spyware"; enabled = true; } { url = "https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_17_TrackParam/filter.txt"; name = "AdGuard URL Tracking"; enabled = true; } { url = "https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/refs/heads/master/filters/filter_4_Social/filter.txt"; name = "AdGuard Social"; enabled = true; } { url = "https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_14_Annoyances/filter.txt"; name = "AdGuard Annoyances"; enabled = true; } { url = "https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_11_Mobile/filter.txt"; name = "AdGuard Mobile"; enabled = true; } { url = "https://raw.githubusercontent.com/AdguardTeam/FiltersRegistry/master/filters/filter_6_German/filter.txt"; name = "AdGuard German"; enabled = true; } { url = "https://easylist.to/easylist/easyprivacy.txt"; name = "EasyPrivacy"; enabled = true; } { url = "https://raw.githubusercontent.com/uBlockOrigin/uAssets/refs/heads/master/filters/filters.txt"; name = "uBlockOrigin"; enabled = true; } ]; }; }; services.caddy.virtualHosts.adguard = { hostName = "adguard.{$DOMAIN}"; extraConfig = '' encode gzip zstd reverse_proxy ${cfg.host}:${toString cfg.port} ''; }; }