Created a helper to create the container configurations. Updated all containers files to use it.

modules/services/pi-hole.nix

@@ -1,106 +1,61 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
+
+with lib;
 
 let
-  container_name = "pi-hole";
-  compose_file = "podman/pi-hole/compose.yaml";
-  config_dir = "/mnt/config/pi-hole";
+  helper = import ./lib.nix { inherit config pkgs lib; };
+  cfg = config.numbus.services.pi-hole;
 in
 
-{
-  config = {
-    environment.etc."${compose_file}".text =
-      /*
-      yaml
-      */
-      ''
-        services:
-          pihole:
-            image: docker.io/pihole/pihole:latest
-            container_name: pi-hole
-            networks:
-              pi-hole_frontend:
-            ports:
-              # DNS Ports
-              - "53:53/tcp"
-              - "53:53/udp"
-            environment:
-              TZ: $TZ
-              FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password
-              FTLCONF_dns_hosts: |
-                $HOME_SERVER_IP frigate.$DOMAIN_NAME
-                $HOME_SERVER_IP gitea.$DOMAIN_NAME
-                $HOME_SERVER_IP home-assistant.$DOMAIN_NAME
-                $HOME_SERVER_IP immich.$DOMAIN_NAME
-                $HOME_SERVER_IP it-tools.$DOMAIN_NAME
-                $HOME_SERVER_IP nextcloud.$DOMAIN_NAME
-                $HOME_SERVER_IP nextcloud-aio.$DOMAIN_NAME
-                $HOME_SERVER_IP passbolt.$DOMAIN_NAME
-                $HOME_SERVER_IP pi-hole.$DOMAIN_NAME
-                $HOME_SERVER_IP traefik.$DOMAIN_NAME
-              FTLCONF_dhcp_active: "false"
-              FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
-              FTLCONF_ntp_ipv4_active: "false"
-              FTLCONF_ntp_ipv6_active: "false"
-              FTLCONF_ntp_sync_active: "false"
-            volumes:
-              - ${config_dir}:/etc/pihole
-            cap_add:
-              - SYS_NICE
-            labels:
-              - traefik.enable=true
-              - traefik.docker.network=pi-hole_frontend
-              - traefik.http.services.pihole.loadbalancer.server.port=80
-              - traefik.http.services.pihole.loadbalancer.server.scheme=http
-              - traefik.http.routers.pihole-https.entrypoints=websecure
-              - traefik.http.routers.pihole-https.rule=Host(`pi-hole.$DOMAIN_NAME`)
-              - traefik.http.routers.pihole-https.tls=true
-              - traefik.http.routers.pihole-https.tls.certresolver=cloudflare
-            restart: unless-stopped
+helper.mkPodmanService {
+  name = "pi-hole";
+  description = "Pi-Hole, the ads black hole";
+  defaultPort = "4443";
+  pod = "false";
+  scheme = "https";
+  dependencies = [ "traefik.service" "${config.numbus.services.dns}.service" ];
+  delaySec = 10;
 
-        networks:
-          pi-hole_frontend:
-            external: true
-      '';
-
-    systemd.services."${container_name}" = {
-      description = "Podman container : ${container_name}";
-      after = [ "network.target" "traefik.service" ];
-      requires = [ "traefik.service" ];
-      wantedBy = [ "multi-user.target" ];
-      path = [ pkgs.podman pkgs.coreutils ];
-
-      serviceConfig = {
-        User = "numbus-admin";
-        Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
-        Type = "exec";
-        TimeoutStartSec = "600";
-        ExecStartPre = [
-          "${pkgs.bash}/bin/bash -c 'sleep 20'"
-          "-${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"
-        ];
-        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
-        ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
-        Restart = "on-failure";
-        RestartSec = "5m";
-        StartLimitBurst = "3";
-      };
-    };
-
-    systemd.services."update-${container_name}" = {
-      description = "Update ${container_name} container";
-      serviceConfig = {
-        Type = "oneshot";
-        ExecStart = "${pkgs.systemd}/bin/systemctl restart ${container_name}.service";
-      };
-    };
-
-    systemd.timers."update-${container_name}" = {
-      timerConfig = {
-        OnCalendar = "02:00";
-        RandomizedDelaySec = "60m";
-        Unit = "update-${container_name}.service";
-      };
-      wantedBy = [ "timers.target" ];
-    };
-  };
-}
+  composeText = ''
+    services:
+      pi-hole:
+        image: docker.io/pihole/pihole:latest
+        container_name: pi-hole
+        hostname: pi-hole
+        network_mode: pasta
+        ports:
+          - "${cfg.port}:443/tcp"
+          - "53:53/tcp"
+          - "53:53/udp"
+        environment:
+          PIHOLE_UID: '1000'
+          PIHOLE_GID: '1000'
+          TZ: $TZ
+          FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password
+          FTLCONF_webserver_domain: ${cfg.subdomain}.${config.numbus.services.domain}
+          FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
+          FTLCONF_dns_hosts: |
+${lib.concatStringsSep "" (lib.mapAttrsToList (name: service:
+  if builtins.isAttrs service && service ? enable && service.enable && service ? subdomain then
+    "            $HOME_SERVER_IP ${service.subdomain}.${config.numbus.services.domain}\n"
+  else
+    ""
+) config.numbus.services)}
+    # TODO : get revServers to work
+    #      FTLCONF_dns_revServers: |
+    #        true,$HOME_ROUTER_SUBNET,$HOME_ROUTER_IP,${config.numbus.services.domain}
+    #        true,$HOME_VPN_SUBNET,$HOME_VPN_IP,${config.numbus.services.domain}
+          FTLCONF_dns_listeningMode: "BIND"
+          FTLCONF_dns_domain_name: "${config.numbus.services.domain}"
+          FTLCONF_dns_domain_local: "true"
+          FTLCONF_dhcp_active: "false"
+          FTLCONF_ntp_ipv4_active: "false"
+          FTLCONF_ntp_ipv6_active: "false"
+          FTLCONF_ntp_sync_active: "false"
+        volumes:
+          - ${cfg.configDir}:/etc/pihole
+        cap_add:
+          - SYS_NICE
+        restart: unless-stopped
+  '';
+}