add adguardhome

hosts/apu/configuration.nix

@@ -2,7 +2,7 @@
 # your system. Help is availanodev";
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ ssh, pkgs, config, ... }:
+{ ssh, pkgs, config, lib, ... }:
 {
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/sda";
@@ -183,9 +183,33 @@
 
   services.resolved.enable = false;
 
-  services.nextdns = {
+  services.unbound = {
     enable = true;
-    arguments = [ "-profile" "9c4ac9" "-setup-router" "-mdns" "koti" ];
+    settings = {
+      server = {
+        interface = (lib.map
+          (name: config.systemd.network.networks."30-${name}".dhcpServerConfig.DNS)
+          (lib.attrNames config.modules.vlans.networks)
+        ) ++ [
+          "127.0.0.1"
+          "::1"
+        ];
+        access-control = [
+          "10.0.0.0/8 allow"
+          "127.0.0.0/8 allow"
+          "::1/128 allow"
+        ];
+        verbosity = 2;
+      };
+
+      forward-zone = [
+        {
+          name = ".";
+          forward-addr = "100.84.105.63#dns.freun.dev";
+          forward-tls-upstream = true;
+        }
+      ];
+    };
   };
 
   services.home-assistant = {

hosts/freun-dev/services.nix

@@ -170,5 +170,11 @@ in
       };
       environmentFile = secrets.dnote.path;
     };
+
+    tailscaledAdguardhome = {
+      enable = true;
+      subdomain = "dns";
+      port = 3006;
+    };
   };
 }

hosts/radish/configuration.nix

@@ -14,7 +14,7 @@
   };
 
   networking.extraHosts = ''
-    10.10.0.1 warden.apu.repomaa.com
+    100.84.105.63 dns.freun.dev
   '';
 
   networking.nftables.enable = true;