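{ config, pkgs, lib, ... }:

# Pi-hole DNS sinkhole, declared as a Podman service through the shared
# helper in ./lib.nix. The helper's contract is not visible from this file;
# comments on its arguments below are hedged accordingly.
with lib;

let
  # Image tag to deploy.
  # NOTE(review): a registry tag is mutable. Appending the image digest
  # (tag@sha256:<digest>) would pin the exact content that was reviewed.
  piholeVersion = "2026.02.0";

  # Shared service helper and this service's option subtree.
  helper = import ./lib.nix { inherit config pkgs lib; };
  cfg = config.numbus.services.pi-hole;
  domain = config.numbus.services.domain;

  # Container / unit name.
  name = "pi-hole";

  # time.timeZone is nullable in NixOS (null means "not managed by NixOS").
  # Interpolating null into a string aborts evaluation, so fall back to UTC
  # instead of failing the whole build when no zone is configured.
  timeZone =
    if config.time.timeZone != null then config.time.timeZone else "UTC";

  # One "<ip> <subdomain>.<domain>" line per enabled service that declares a
  # subdomain, so Pi-hole resolves every local service name to this host.
  # config.numbus.services also holds non-service values (e.g. `domain`),
  # hence the isAttrs / `?` guards before touching service fields.
  # Each entry carries its own 8-space indent: interpolated text is not
  # touched by Nix's indentation stripping, and the lines must sit deeper
  # than the FTLCONF_dns_hosts key to stay inside the YAML block scalar.
  dnsHostEntries = lib.concatStringsSep "" (lib.mapAttrsToList
    (_serviceName: service:
      if builtins.isAttrs service
        && service ? enable
        && service.enable
        && service ? subdomain
      then
        "        ${config.numbus.networking.ipAddress} ${service.subdomain}.${domain}\n"
      else
        "")
    config.numbus.services);
in
helper.mkPodmanService {
  inherit name;
  description = "Pi-Hole, the ads black hole";
  pod = "false";
  defaultPort = "4443";
  scheme = "https";
  dependencies = [ "network.target" ];
  dataDir = false;
  startDelay = 10;

  # Admin password: ten xkcdpass words joined with "-".
  # NOTE(review): the value reaches the container as a plain environment
  # variable (FTLCONF_webserver_api_password below), so anyone who can
  # inspect the container on the host can read it. How the helper stores
  # the generated secret at rest is not visible here; confirm the file is
  # not world-readable and does not land in the Nix store.
  generatedSecrets = {
    PIHOLE_PASSWORD = "xkcdpass -n 10 -d -";
  };

  # Presumably "<owner>:<group> <path>" applied on the host. 100999 looks
  # like the host-side sub-UID of container UID 1000 under a rootless
  # mapping; group 100 does not obviously correspond to PIHOLE_GID 1000.
  # TODO confirm both against the helper and the subuid/subgid ranges.
  dirPermissions = [ "100999:100 ${cfg.configDir}" ];

  # Presumably reverse-proxy middleware names resolved by the helper.
  middlewares = [ "secureHeaders" ];

  # Compose file.
  # NOTE(review): "53:53/tcp" and "53:53/udp" carry no host address, so DNS
  # is published on every host interface, and listeningMode BIND does not
  # limit answers to local subnets. If this host is reachable from untrusted
  # networks, bind the ports to the LAN address or firewall port 53 so the
  # resolver cannot be used as an open resolver.
  # $PIHOLE_PASSWORD is left for the compose tool to substitute at runtime;
  # Nix only expands the ${...} forms.
  composeText = ''
    services:
      pi-hole:
        image: docker.io/pihole/pihole:${piholeVersion}
        container_name: pi-hole
        hostname: pi-hole
        network_mode: pasta
        ports:
          - "${cfg.port}:443/tcp"
          - "53:53/tcp"
          - "53:53/udp"
        volumes:
          - ${cfg.configDir}:/etc/pihole
        environment:
          PIHOLE_UID: '1000'
          PIHOLE_GID: '1000'
          TZ: ${timeZone}
          FTLCONF_webserver_api_password: $PIHOLE_PASSWORD
          FTLCONF_webserver_domain: ${cfg.subdomain}.${domain}
          FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
          FTLCONF_dns_hosts: |
    ${dnsHostEntries}
          FTLCONF_dns_listeningMode: "BIND"
          FTLCONF_dns_domain_name: "${domain}"
          FTLCONF_dns_domain_local: "true"
          FTLCONF_dhcp_active: "false"
          FTLCONF_ntp_ipv4_active: "false"
          FTLCONF_ntp_ipv6_active: "false"
          FTLCONF_ntp_sync_active: "false"
        cap_add:
          - SYS_NICE
        restart: unless-stopped
  '';
}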