Migrated from multi repos to monorepo architecture.

modules/server/services/dns/adguard.nix

@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  # Version tagging
+  adguardVersion = "latest";
+  # Helper
+  helper = import ../service-helper.nix { inherit config pkgs lib; };
+  cfg = config.numbus-server.services.adguard;
+  # Container config
+  name = "adguard";
+in
+
+helper.mkPodmanService {
+  inherit name;
+  description = "AdGuard, feature-rich DNS service";
+  defaultPort = "3000";
+  scheme = "http";
+  dataDirEnabled = false;
+  startDelay = 10;
+  dependencies = [
+    "network.target"
+  ];
+  middlewares = [
+    "secureHeaders"
+  ];
+  dirPermissions = [
+    "100999:100 ${cfg.configDir}"
+  ];
+
+  composeText = ''
+    services:
+      adguardhome:
+        image: adguard/adguardhome:${adguardVersion}
+        container_name: adguard
+        hostname: adguard
+        network_mode: pasta
+        user: '1000:1000'
+        ports:
+          - "${cfg.port}:3000/tcp"
+          - "53:53/tcp"
+          - "53:53/udp"
+        volumes:
+          - ${cfg.configDir}/work:/opt/adguardhome/work
+          - ${cfg.configDir}/config:/opt/adguardhome/conf
+        cap_add:
+          - SYS_NICE
+        security_opt:
+          - no-new-privileges:true
+        restart: unless-stopped
+  '';
+}

modules/server/services/dns/default.nix

@@ -0,0 +1,10 @@
+{ ... }:
+
+{
+  imports = [
+    # To test
+    ./adguard.nix
+    # Tested
+    ./pi-hole.nix
+  ];
+}

modules/server/services/dns/pi-hole.nix

@@ -0,0 +1,71 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  # Version tagging
+  piholeVersion = "2026.02.0";
+  # Helper
+  helper = import ../service-helper.nix { inherit config pkgs lib; };
+  cfg = config.numbus-server.services.pi-hole;
+  # Container config
+  name = "pi-hole";
+  # DNS config
+  dnsConfig = ''
+
+  '';
+in
+
+helper.mkPodmanService {
+  inherit name;
+  description = "Pi-Hole, the ads black hole";
+  defaultPort = "4443";
+  scheme = "https";
+  dataDirEnabled = false;
+  startDelay = 10;
+  dependencies = [
+    "network.target"
+  ];
+  middlewares = [
+    "secureHeaders" 
+  ];
+  dirPermissions = [
+    "100999:100 ${cfg.configDir}"
+  ];
+  secrets = [
+    "pi-hole/web_password"
+  ];
+
+# Compose file good
+  composeText = ''
+    services:
+      pi-hole:
+        image: docker.io/pihole/pihole:${piholeVersion}
+        container_name: pi-hole
+        hostname: pi-hole
+        network_mode: pasta
+        ports:
+          - "${cfg.port}:443/tcp"
+          - "53:53/tcp"
+          - "53:53/udp"
+        volumes:
+          - ${cfg.configDir}:/etc/pihole
+        environment:
+          PIHOLE_UID: '1000'
+          PIHOLE_GID: '1000'
+          TZ: ${config.time.timeZone}
+          FTLCONF_webserver_domain: ${cfg.subdomain}.${config.numbus-server.services.domain}
+          FTLCONF_dns_domain_name: "${config.numbus-server.services.domain}"
+          FTLCONF_webserver_api_password: ${config.sops.placeholder."pi-hole/web_password"}
+          FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
+          FTLCONF_dns_listeningMode: "BIND"
+          FTLCONF_dns_domain_local: "true"
+          FTLCONF_dhcp_active: "false"
+          FTLCONF_ntp_ipv4_active: "false"
+          FTLCONF_ntp_ipv6_active: "false"
+          FTLCONF_ntp_sync_active: "false"
+        cap_add:
+          - SYS_NICE
+        restart: unless-stopped
+  '';
+}