配置文件:adguradhome.nix
# NixOS module: runs AdGuard Home in a declarative container attached to the
# host bridge br0, addressed out of the host's Yggdrasil /64 subnet.
let
  # /64 subnet prefix of this node; use the subnet prefix that
  # `yggdrasilctl getself` reports for the real machine.
  yggPrefix64 = "300:0001:0001:0001";

  # Host end (::1) and container end (::2) of the bridge.
  bridgeAddr6 = "${yggPrefix64}::1";
  adguardAddr6 = "${yggPrefix64}::2";

  # The container must not start before br0 has its addresses.
  bridgeUnits = [ "network-addresses-br0.service" ];
in
{
  # The host routes between the Yggdrasil interface and br0.
  # NOTE(review): this turns on IPv6 forwarding for every interface, and no
  # forward-filtering rules appear in this listing. Whether traffic forwarded
  # to the container is filtered depends on host firewall settings not shown.
  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

  # Bridge with no physical members; only the container's veth joins it.
  networking.bridges.br0.interfaces = [ ];
  networking.interfaces.br0.ipv6.addresses = [
    {
      address = bridgeAddr6;
      prefixLength = 64;
    }
  ];

  systemd.services."container@adguard" = {
    after = bridgeUnits;
    requires = bridgeUnits;
  };

  containers.adguard = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";

    config =
      { config, pkgs, ... }:
      {
        networking = {
          interfaces.eth0 = {
            ipv6 = {
              # Address taken from the Yggdrasil subnet.
              addresses = [
                {
                  address = adguardAddr6;
                  prefixLength = 64;
                }
              ];
              # 200::/7 is the whole Yggdrasil address range; send it to the host.
              routes = [
                {
                  address = "200::";
                  prefixLength = 7;
                  via = bridgeAddr6;
                }
              ];
            };

            ipv4 = {
              # IPv4 subnet so the container can reach IPv4 networks.
              addresses = [
                {
                  address = "10.255.255.2";
                  prefixLength = 24;
                }
              ];
              # Default route for outbound traffic.
              # NOTE(review): the host-side 10.255.255.1 address and any NAT
              # are not part of this listing. The DoH upstreams below need
              # them configured elsewhere - confirm.
              routes = [
                {
                  address = "0.0.0.0";
                  prefixLength = 0;
                  via = "10.255.255.1";
                }
              ];
            };
          };

          # DNS on TCP/UDP 53 and the web UI on TCP 80.
          # NOTE(review): these rules carry no source restriction, so the
          # resolver and the admin login are offered to every peer that can
          # route to the container address. AdGuard Home's `allowed_clients`
          # under `dns` can narrow who gets answers.
          firewall = {
            allowedTCPPorts = [
              53
              80
            ];
            allowedUDPPorts = [
              53
            ];
          };
        };

        # AdGuard Home service
        services.adguardhome = {
          enable = true;
          # Opens the web UI port; TCP 80 is also listed in allowedTCPPorts.
          openFirewall = true;
          #host = "[::]";
          # NOTE(review): the admin UI is plain HTTP with no TLS of its own;
          # the login is protected in transit only by the overlay carrying it.
          port = 80;
          settings = {
            # NOTE(review): AdGuard Home expects `password` to be a bcrypt
            # hash, not the clear-text password (the value is masked on this
            # page). Everything under `settings` is rendered into the
            # world-readable Nix store, so use a strong password and treat the
            # hash as exposed to local users.
            users = [
              {
                name = "admin";
                password = "*********";
              }
            ];
            dns = {
              #bind_hosts = [ "[::]" ];
              port = 53;
              # Upstream queries leave the container over DNS-over-HTTPS.
              upstream_dns = [
                "https://dns.cloudflare.com/dns-query"
                "https://dns.google/dns-query"
              ];
            };
          };
        };
      };
  };
}

启动后,可以通过不同的 yggdrasil 子网访问不同的服务。