Raphaël Numbus
67 lines
2.0 KiB
Nix
67 lines
2.0 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
# Version tagging
|
|
piholeVersion = "2026.02.0";
|
|
# Helper
|
|
helper = import ./lib.nix { inherit config pkgs lib; };
|
|
cfg = config.numbus.services.pi-hole;
|
|
in
|
|
|
|
helper.mkPodmanService {
|
|
description = "Pi-Hole, the ads black hole";
|
|
name = "pi-hole";
|
|
defaultPort = "4443";
|
|
scheme = "https";
|
|
dependencies = [ "network.target" "multi-user.target" ];
|
|
dataDir = false;
|
|
delaySec = 10;
|
|
generatedSecrets = {
|
|
PIHOLE_PASSWORD = "xkcdpass -n 10 -d -";
|
|
};
|
|
dirPermissions = [
|
|
"numbus-admin:users ${cfg.configDir}"
|
|
];
|
|
|
|
# Compose file good
|
|
composeText = ''
|
|
services:
|
|
pi-hole:
|
|
image: docker.io/pihole/pihole:${piholeVersion}
|
|
container_name: pi-hole
|
|
hostname: pi-hole
|
|
network_mode: pasta
|
|
ports:
|
|
- "${cfg.port}:443/tcp"
|
|
- "53:53/tcp"
|
|
- "53:53/udp"
|
|
volumes:
|
|
- ${cfg.configDir}:/etc/pihole
|
|
environment:
|
|
PIHOLE_UID: '1000'
|
|
PIHOLE_GID: '1000'
|
|
TZ: ${time.timeZone}
|
|
FTLCONF_webserver_api_password: $PIHOLE_PASSWORD
|
|
FTLCONF_webserver_domain: ${cfg.subdomain}.${config.numbus.services.domain}
|
|
FTLCONF_dns_upstreams: 9.9.9.9;149.112.112.112
|
|
FTLCONF_dns_hosts: |
|
|
${lib.concatStringsSep "" (lib.mapAttrsToList (name: service:
|
|
if builtins.isAttrs service && service ? enable && service.enable && service ? subdomain then
|
|
" ${config.numbus.networking.ipAddress} ${service.subdomain}.${config.numbus.services.domain}\n"
|
|
else
|
|
""
|
|
) config.numbus.services)}
|
|
FTLCONF_dns_listeningMode: "BIND"
|
|
FTLCONF_dns_domain_name: "${config.numbus.services.domain}"
|
|
FTLCONF_dns_domain_local: "true"
|
|
FTLCONF_dhcp_active: "false"
|
|
FTLCONF_ntp_ipv4_active: "false"
|
|
FTLCONF_ntp_ipv6_active: "false"
|
|
FTLCONF_ntp_sync_active: "false"
|
|
cap_add:
|
|
- SYS_NICE
|
|
restart: unless-stopped
|
|
'';
|
|
} |