From a00e05f3e875c3f661668a28e3360d42614dd003 Mon Sep 17 00:00:00 2001
From: Jack Mechem <mechemjack@gmail.com>
Date: Fri, 1 May 2026 03:50:03 -0700
Subject: [PATCH] Dns server

---
 hosts/dellserv/configuration.nix | 29 +++++++++++++++++++++++++++++
 hosts/desktop/configuration.nix  |  1 +
 hosts/t480/configuration.nix     |  1 +
 3 files changed, 31 insertions(+)

diff --git a/hosts/dellserv/configuration.nix b/hosts/dellserv/configuration.nix
index 90e422d..7af8a29 100644
--- a/hosts/dellserv/configuration.nix
+++ b/hosts/dellserv/configuration.nix
@@ -26,6 +26,9 @@
 
     networking.hostName = "dell-xps-nixos-serv"; # Define your hostname.
     networking.networkmanager.enable = true;
+    networking.hosts = {
+        "127.0.0.1" = [ "gitssh.jackmechem.dev" ];
+    };
     networking.firewall.allowedTCPPorts = [
         80
         3000
@@ -33,7 +36,9 @@
         8080
         443
         22
+        53
     ];
+    networking.firewall.allowedUDPPorts = [ 53 ];
 
     nix.settings.experimental-features = [
         "nix-command"
@@ -112,6 +117,11 @@
                 reverse_proxy localhost:3002
             '';
         };
+        virtualHosts."adguard.jackmechem.dev" = {
+            extraConfig = ''
+                reverse_proxy localhost:3003
+            '';
+        };
     };
 
     services.server-dash = {
@@ -123,6 +133,25 @@
         useNixBuild = false;
     };
 
+    services.resolved.settings.Resolve.DNSStubListener = "no";
+
+    services.adguardhome = {
+        enable = true;
+        mutableSettings = false;
+        port = 3003;
+        settings = {
+            http.address = lib.mkForce "127.0.0.1:3003";
+            dns = {
+                bind_hosts = [ "0.0.0.0" ];
+                port = 53;
+                bootstrap_dns = [
+                    "9.9.9.10"
+                    "149.112.112.10"
+                ];
+            };
+        };
+    };
+
     services.forgejo = {
         enable = true;
         settings = {
diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix
index de58d9d..08cf8f6 100644
--- a/hosts/desktop/configuration.nix
+++ b/hosts/desktop/configuration.nix
@@ -28,6 +28,7 @@
 
     networking.hostName = "jackdesk";
     networking.networkmanager.enable = true;
+    networking.nameservers = [ "192.168.1.164" ];
 
     networking.firewall.allowedTCPPorts = [ 2200 3000 ];
 
diff --git a/hosts/t480/configuration.nix b/hosts/t480/configuration.nix
index 6cf7eb7..c98393e 100644
--- a/hosts/t480/configuration.nix
+++ b/hosts/t480/configuration.nix
@@ -27,6 +27,7 @@
 
   networking.hostName = "t480";
   networking.networkmanager.enable = true;
+  networking.nameservers = [ "192.168.1.164" ];
 
   nix.settings = {
     # Use all cores for building