ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-21 20:49:52 +03:00
Code Issues Projects Releases Wiki Activity

nixos/adguardhome: update config to match new schema

Browse Source
This commit is contained in:
Ryan Horiguchi 2024-04-19 18:37:19 +02:00
parent 671372c8ed
commit c60dd90d1f
2 changed files with 111 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
nixos/modules/services/networking/adguardhome.nix
View File

@ -4,6 +4,7 @@ with lib;
let
cfg = config.services.adguardhome;
settingsFormat = pkgs.formats.yaml { };
args = concatStringsSep " " ([
"--no-check-update"
@ -12,27 +13,33 @@ let
"--config /var/lib/AdGuardHome/AdGuardHome.yaml"
] ++ cfg.extraArgs);
configFile = pkgs.writeTextFile {
name = "AdGuardHome.yaml";
text = builtins.toJSON cfg.settings;
checkPhase = "${pkgs.adguardhome}/bin/adguardhome -c $out --check-config";
};
defaultBindPort = 3000;
in
{
imports =
let cfgPath = [ "services" "adguardhome" ];
in
[
(mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "host" ]; to = cfgPath ++ [ "settings" "bind_host" ]; })
(mkRenamedOptionModuleWith { sinceRelease = 2211; from = cfgPath ++ [ "port" ]; to = cfgPath ++ [ "settings" "bind_port" ]; })
];
settings = if (cfg.settings != null) then
cfg.settings // (if cfg.settings.schema_version < 23 then {
bind_host = cfg.host;
bind_port = cfg.port;
} else {
http.address = "${cfg.host}:${toString cfg.port}";
})
else
null;
configFile =
(settingsFormat.generate "AdGuardHome.yaml" settings).overrideAttrs (_: {
checkPhase = "${cfg.package}/bin/adguardhome -c $out --check-config";
});
in {
options.services.adguardhome = with types; {
enable = mkEnableOption "AdGuard Home network-wide ad blocker";
package = mkOption {
type = package;
default = pkgs.adguardhome;
defaultText = literalExpression "pkgs.adguardhome";
description = ''
The package that runs adguardhome.
'';
};
openFirewall = mkOption {
default = false;
type = bool;
@ -43,8 +50,8 @@ in
};
allowDHCP = mkOption {
default = cfg.settings.dhcp.enabled or false;
defaultText = literalExpression ''config.services.adguardhome.settings.dhcp.enabled or false'';
default = settings.dhcp.enabled or false;
defaultText = literalExpression "config.services.adguardhome.settings.dhcp.enabled or false";
type = bool;
description = ''
Allows AdGuard Home to open raw sockets (`CAP_NET_RAW`), which is
@ -65,32 +72,34 @@ in
'';
};
host = mkOption {
default = "0.0.0.0";
type = str;
description = ''
Host address to bind HTTP server to.
'';
};
port = mkOption {
default = 3000;
type = port;
description = ''
Port to serve HTTP pages on.
'';
};
settings = mkOption {
default = null;
type = nullOr (submodule {
freeformType = (pkgs.formats.yaml { }).type;
freeformType = settingsFormat.type;
options = {
schema_version = mkOption {
default = pkgs.adguardhome.schema_version;
defaultText = literalExpression "pkgs.adguardhome.schema_version";
default = cfg.package.schema_version;
defaultText = literalExpression "cfg.package.schema_version";
type = int;
description = ''
Schema version for the configuration.
Defaults to the `schema_version` supplied by `pkgs.adguardhome`.
'';
};
bind_host = mkOption {
default = "0.0.0.0";
type = str;
description = ''
Host address to bind HTTP server to.
'';
};
bind_port = mkOption {
default = defaultBindPort;
type = port;
description = ''
Port to serve HTTP pages on.
Defaults to the `schema_version` supplied by `cfg.package`.
'';
};
};
@ -107,7 +116,7 @@ in
Set this to `null` (default) for a non-declarative configuration without any
Nix-supplied values.
Declarative configurations are supplied with a default `schema_version`, `bind_host`, and `bind_port`.
Declarative configurations are supplied with a default `schema_version`, and `http.address`.
:::
'';
};
@ -124,17 +133,25 @@ in
config = mkIf cfg.enable {
assertions = [
{
assertion = cfg.settings != null -> cfg.mutableSettings
|| (hasAttrByPath [ "dns" "bind_host" ] cfg.settings)
|| (hasAttrByPath [ "dns" "bind_hosts" ] cfg.settings);
message =
"AdGuard setting dns.bind_host or dns.bind_hosts needs to be configured for a minimal working configuration";
assertion = cfg.settings != null
-> !(hasAttrByPath [ "bind_host" ] cfg.settings);
message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.host'";
}
{
assertion = cfg.settings != null -> cfg.mutableSettings
|| hasAttrByPath [ "dns" "bootstrap_dns" ] cfg.settings;
message =
"AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
assertion = cfg.settings != null
-> !(hasAttrByPath [ "bind_port" ] cfg.settings);
message = "AdGuard option `settings.bind_host' has been superseded by `services.adguardhome.port'";
}
{
assertion = settings != null -> cfg.mutableSettings
|| hasAttrByPath [ "dns" "bootstrap_dns" ] settings;
message = "AdGuard setting dns.bootstrap_dns needs to be configured for a minimal working configuration";
}
{
assertion = settings != null -> cfg.mutableSettings
|| hasAttrByPath [ "dns" "bootstrap_dns" ] settings
&& isList settings.dns.bootstrap_dns;
message = "AdGuard setting dns.bootstrap_dns needs to be a list";
}
];
@ -147,7 +164,7 @@ in
StartLimitBurst = 10;
};
preStart = optionalString (cfg.settings != null) ''
preStart = optionalString (settings != null) ''
if [ -e "$STATE_DIRECTORY/AdGuardHome.yaml" ] \
&& [ "${toString cfg.mutableSettings}" = "1" ]; then
# Writing directly to AdGuardHome.yaml results in empty file
@ -161,8 +178,9 @@ in
serviceConfig = {
DynamicUser = true;
ExecStart = "${pkgs.adguardhome}/bin/adguardhome ${args}";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ] ++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
ExecStart = "${cfg.package}/bin/adguardhome ${args}";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]
++ optionals cfg.allowDHCP [ "CAP_NET_RAW" ];
Restart = "always";
RestartSec = 10;
RuntimeDirectory = "AdGuardHome";
@ -170,6 +188,6 @@ in
};
};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.bind_port or defaultBindPort ];
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
};
}

85
nixos/tests/adguardhome.nix
View File

@ -2,41 +2,39 @@
name = "adguardhome";
nodes = {
nullConf = { ... }: { services.adguardhome = { enable = true; }; };
nullConf = { services.adguardhome.enable = true; };
emptyConf = { lib, ... }: {
emptyConf = {
services.adguardhome = {
enable = true;
settings = { };
};
};
declarativeConf = { ... }: {
schemaVersionBefore23 = {
services.adguardhome = {
enable = true;
settings.schema_version = 20;
};
};
declarativeConf = {
services.adguardhome = {
enable = true;
mutableSettings = false;
settings = {
schema_version = 0;
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
settings.dns.bootstrap_dns = [ "127.0.0.1" ];
};
};
mixedConf = { ... }: {
mixedConf = {
services.adguardhome = {
enable = true;
mutableSettings = true;
settings = {
schema_version = 0;
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
};
settings.dns.bootstrap_dns = [ "127.0.0.1" ];
};
};
@ -70,11 +68,7 @@
allowDHCP = true;
mutableSettings = false;
settings = {
schema_version = 0;
dns = {
bind_host = "0.0.0.0";
bootstrap_dns = "127.0.0.1";
};
dns.bootstrap_dns = [ "127.0.0.1" ];
dhcp = {
# This implicitly enables CAP_NET_RAW
enabled = true;
@ -104,33 +98,38 @@
testScript = ''
with subtest("Minimal (settings = null) config test"):
nullConf.wait_for_unit("adguardhome.service")
nullConf.wait_for_unit("adguardhome.service")
nullConf.wait_for_open_port(3000)
with subtest("Default config test"):
emptyConf.wait_for_unit("adguardhome.service")
emptyConf.wait_for_open_port(3000)
emptyConf.wait_for_unit("adguardhome.service")
emptyConf.wait_for_open_port(3000)
with subtest("Default schema_version 23 config test"):
schemaVersionBefore23.wait_for_unit("adguardhome.service")
schemaVersionBefore23.wait_for_open_port(3000)
with subtest("Declarative config test, DNS will be reachable"):
declarativeConf.wait_for_unit("adguardhome.service")
declarativeConf.wait_for_open_port(53)
declarativeConf.wait_for_open_port(3000)
declarativeConf.wait_for_unit("adguardhome.service")
declarativeConf.wait_for_open_port(53)
declarativeConf.wait_for_open_port(3000)
with subtest("Mixed config test, check whether merging works"):
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(53)
mixedConf.wait_for_open_port(3000)
# Test whether merging works properly, even if nothing is changed
mixedConf.systemctl("restart adguardhome.service")
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(3000)
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(53)
mixedConf.wait_for_open_port(3000)
# Test whether merging works properly, even if nothing is changed
mixedConf.systemctl("restart adguardhome.service")
mixedConf.wait_for_unit("adguardhome.service")
mixedConf.wait_for_open_port(3000)
with subtest("Testing successful DHCP start"):
dhcpConf.wait_for_unit("adguardhome.service")
client.systemctl("start network-online.target")
client.wait_for_unit("network-online.target")
# Test IP assignment via DHCP
dhcpConf.wait_until_succeeds("ping -c 5 10.0.10.100")
# Test hostname resolution over DHCP-provided DNS
dhcpConf.wait_until_succeeds("ping -c 5 client.lan")
dhcpConf.wait_for_unit("adguardhome.service")
client.systemctl("start network-online.target")
client.wait_for_unit("network-online.target")
# Test IP assignment via DHCP
dhcpConf.wait_until_succeeds("ping -c 5 10.0.10.100")
# Test hostname resolution over DHCP-provided DNS
dhcpConf.wait_until_succeeds("ping -c 5 client.lan")
'';
}