From 79d7d3f88e7fa488460a9d01178edba632fb0978 Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Wed, 29 Apr 2026 18:56:11 +0100
Subject: [PATCH] adguard: explicitly enable LAN rewrites (schema change on
 stable)

AdGuard's recent config schema added an enabled flag on each rewrite
that defaults to false. Without it, the *.nordhammer.it -> 10.0.0.1
rules were silently disabled, so LAN clients resolved their own
domains to the public DDNS IP and tripped over NAT loopback.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 services/adguard.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/services/adguard.nix b/services/adguard.nix
index df36e6f..e59882a 100644
--- a/services/adguard.nix
+++ b/services/adguard.nix
@@ -36,10 +36,11 @@
             url = "https://big.oisd.nl/"; }
         ];
         # Resolve our own hostnames to the router's LAN IP so LAN clients
-        # bypass any NAT reflection.
+        # bypass any NAT reflection. `enabled` was added in AdGuard's recent
+        # schema and defaults to false — must be set explicitly.
         filtering.rewrites = [
-          { domain = "nordhammer.it";   answer = "10.0.0.1"; }
-          { domain = "*.nordhammer.it"; answer = "10.0.0.1"; }
+          { domain = "nordhammer.it";   answer = "10.0.0.1"; enabled = true; }
+          { domain = "*.nordhammer.it"; answer = "10.0.0.1"; enabled = true; }
         ];
       };
     };