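# Pi-hole DNS sinkhole, declared as a Podman compose service through the
# shared service helper (../service-helper.nix).
{ config, pkgs, lib, ... }:

with lib;

let
  # Version tagging
  # NOTE(review): a registry tag is mutable. Appending the image digest
  # (tag@sha256:<digest>) would pin the exact image that gets pulled.
  piholeVersion = "2026.02.0";

  # Helper
  helper = import ../service-helper.nix { inherit config pkgs lib; };
  cfg = config.numbus-server.services.pi-hole;

  # Container config
  name = "pi-hole";

  # DNS config
  # NOTE(review): empty and not referenced anywhere in this file.
  dnsConfig = ''

  '';

  # time.timeZone is nullable in NixOS (null means the host runs on UTC).
  # Interpolating null into the compose text would abort evaluation, so
  # fall back to UTC explicitly.
  timeZone =
    if config.time.timeZone != null
    then config.time.timeZone
    else "UTC";
in

helper.mkPodmanService {
  inherit name;
  description = "Pi-Hole, the ads black hole";

  # Host port for the web UI; mapped to the container's 443/tcp below.
  defaultPort = "4443";
  scheme = "https";
  dataDirEnabled = false;
  startDelay = 10;

  dependencies = [
    "network.target"
  ];

  # Presumably reverse-proxy middlewares resolved by the helper; confirm
  # that "secureHeaders" is defined there.
  middlewares = [
    "secureHeaders"
  ];

  # Presumably "<uid>:<gid> <path>" ownership applied by the helper.
  # 100999 looks like the rootless sub-UID that container UID 1000 maps
  # to; confirm against the host's subuid range.
  dirPermissions = [
    "100999:100 ${cfg.configDir}"
  ];

  # sops secret referenced through config.sops.placeholder in composeText.
  secrets = [
    "pi-hole/web_password"
  ];

  # Compose file
  #
  # Review notes:
  # - The web password is quoted so that YAML does not reinterpret a value
  #   that starts with a special character, contains ": " or " #", or is
  #   purely numeric. A secret containing a single quote still needs
  #   escaping; keep the secret free of quote characters.
  # - The password reaches the container as an environment variable, so
  #   anyone who can inspect the container can read it. The image also
  #   documents a file-based option (WEBPASSWORD_FILE); verify it for this
  #   image version before switching.
  # - Port 53 is published on every host address. Limit it to the networks
  #   that should use this resolver (host firewall, or an explicit host IP
  #   in the mapping) so the host does not act as an open resolver.
  # - The upstreams are Quad9 addresses queried over plain DNS.
  composeText = ''
    services:
      pi-hole:
        image: docker.io/pihole/pihole:${piholeVersion}
        container_name: pi-hole
        hostname: pi-hole
        network_mode: pasta
        ports:
          - "${cfg.port}:443/tcp"
          - "53:53/tcp"
          - "53:53/udp"
        volumes:
          - ${cfg.configDir}:/etc/pihole
        environment:
          PIHOLE_UID: '1000'
          PIHOLE_GID: '1000'
          TZ: ${timeZone}
          FTLCONF_webserver_domain: ${cfg.subdomain}.${config.numbus-server.services.domain}
          FTLCONF_dns_domain_name: "${config.numbus-server.services.domain}"
          FTLCONF_webserver_api_password: '${config.sops.placeholder."pi-hole/web_password"}'
          FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
          FTLCONF_dns_listeningMode: "BIND"
          FTLCONF_dns_domain_local: "true"
          FTLCONF_dhcp_active: "false"
          FTLCONF_ntp_ipv4_active: "false"
          FTLCONF_ntp_ipv6_active: "false"
          FTLCONF_ntp_sync_active: "false"
        cap_add:
          - SYS_NICE
        restart: unless-stopped
  '';
}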