about summary refs log tree commit diff
path: root/nixos/modules/services/networking/adguardhome.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/networking/adguardhome.nix')
-rw-r--r--nixos/modules/services/networking/adguardhome.nix122
1 files changed, 70 insertions, 52 deletions
diff --git a/nixos/modules/services/networking/adguardhome.nix b/nixos/modules/services/networking/adguardhome.nix
index 6958bcccf54cf..df9927351edc3 100644
--- a/nixos/modules/services/networking/adguardhome.nix
+++ b/nixos/modules/services/networking/adguardhome.nix
@@ -4,6 +4,7 @@ with lib;
 
 let
   cfg = config.services.adguardhome;
+  settingsFormat = pkgs.formats.yaml { };
 
   args = concatStringsSep " " ([
     "--no-check-update"
@@ -12,27 +13,33 @@ let
     "--config /var/lib/AdGuardHome/AdGuardHome.yaml"
   ] ++ cfg.extraArgs);
 
-  configFile = pkgs.writeTextFile {
-    name = "AdGuardHome.yaml";
-    text = builtins.toJSON cfg.settings;
-    checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config";
-  };
-  defaultBindPort = 3000;
-
-in
-{
-
-  imports =
-    let cfgPath = [ "services" "adguardhome" ];
-    in
-    [
-      (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "host" ]; to = cfgPath ++ [ "settings" "bind_host" ]; })
-      (mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "port" ]; to = cfgPath ++ [ "settings" "bind_port" ]; })
-    ];
-
+  settings = if (cfg.settings != null) then
+    cfg.settings // (if cfg.settings.schema_version < 23 then {
+      bind_host = cfg.host;
+      bind_port = cfg.port;
+    } else {
+      http.address = "${cfg.host}:${toString cfg.port}";
+    })
+  else
+    null;
+
+  configFile =
+    (settingsFormat.generate "AdGuardHome.yaml" settings).overrideAttrs (_: {
+      checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config";
+    });
+in {
   options.services.adguardhome = with types; {
     enable = mkEnableOption "AdGuard Home network-wide ad blocker";
 
+    package = mkOption {
+      type = package;
+      default = pkgs.adguardhome;
+      defaultText = literalExpression "pkgs.adguardhome";
+      description = ''
+        The package that runs adguardhome.
+      '';
+    };
+
     openFirewall = mkOption {
       default = false;
       type = bool;
@@ -43,8 +50,8 @@ in
     };
 
     allowDHCP = mkOption {
-      default = cfg.settings.dhcp.enabled or false;
-      defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false'';
+      default = settings.dhcp.enabled or false;
+      defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false";
       type = bool;
       description = ''
         Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is
@@ -65,32 +72,34 @@ in
       '';
     };
 
+    host = mkOption {
+      default = "0.0.0.0";
+      type = str;
+      description = ''
+        Host address to bind HTTP server to.
+      '';
+    };
+
+    port = mkOption {
+      default = 3000;
+      type = port;
+      description = ''
+        Port to serve HTTP pages on.
+      '';
+    };
+
     settings = mkOption {
       default = null;
       type = nullOr (submodule {
-        freeformType = (pkgs.formats.yaml { }).type;
+        freeformType = settingsFormat.type;
         options = {
           schema_version = mkOption {
-            default = pkgs.adguardhome.schema_version;
-            defaultText = literalExpression "pkgs.adguardhome.schema_version";
+            default = cfg.package.schema_version;
+            defaultText = literalExpression "cfg.package.schema_version";
             type = int;
             description = ''
               Schema version for the configuration.
-              Defaults to the `schema_version` supplied by `pkgs.adguardhome`.
-            '';
-          };
-          bind_host = mkOption {
-            default = "0.0.0.0";
-            type = str;
-            description = ''
-              Host address to bind HTTP server to.
-            '';
-          };
-          bind_port = mkOption {
-            default = defaultBindPort;
-            type = port;
-            description = ''
-              Port to serve HTTP pages on.
+              Defaults to the `schema_version` supplied by `cfg.package`.
             '';
           };
         };
@@ -107,7 +116,7 @@ in
 
         Set this to `null` (default) for a non-declarative configuration without any
         Nix-supplied values.
-        Declarative configurations are supplied with a default `schema_version`, `bind_host`, and `bind_port`.
+        Declarative configurations are supplied with a default `schema_version`, and `http.address`.
         :::
       '';
     };
@@ -124,17 +133,25 @@ in
   config = mkIf cfg.enable {
     assertions = [
       {
-        assertion = cfg.settings != null -> cfg.mutableSettings
-          || (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
-          || (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
-        message =
-          "AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
+        assertion = cfg.settings != null
+          -> !(hasAttrByPath [ "bind_host" ] cfg.settings);
+        message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'";
+      }
+      {
+        assertion = cfg.settings != null
+          -> !(hasAttrByPath [ "bind_port" ] cfg.settings);
+        message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.port'";
+      }
+      {
+        assertion = settings != null -> cfg.mutableSettings
+          || hasAttrByPath [ "dns" "bootstrap_dns" ] settings;
+        message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
       }
       {
-        assertion = cfg.settings != null -> cfg.mutableSettings
-          || hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
-        message =
-          "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
+        assertion = settings != null -> cfg.mutableSettings
+          || hasAttrByPath [ "dns" "bootstrap_dns" ] settings
+          && isList settings.dns.bootstrap_dns;
+        message = "AdGuard setting dns.bootstrap_dns needs to be a list";
       }
     ];
 
@@ -147,7 +164,7 @@ in
         StartLimitBurst = 10;
       };
 
-      preStart = optionalString (cfg.settings != null) ''
+      preStart = optionalString (settings != null) ''
         if    [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
            && [ "${toString cfg.mutableSettings}" = "1" ]; then
           # Writing directly to AdGuardHome.yaml results in empty file
@@ -161,8 +178,9 @@ in
 
       serviceConfig = {
         DynamicUser = true;
-        ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
-        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
+        ExecStart = "${cfg.package}/bin/adguardhome ${args}";
+        AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]
+          ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
         Restart = "always";
         RestartSec = 10;
         RuntimeDirectory = "AdGuardHome";
@@ -170,6 +188,6 @@ in
       };
     };
 
-    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port or defaultBindPort ];
+    networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
   };
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-02 04:36:02 +0000