Merge branch 'master' into ttrss

2022-11-02 23:19:36 +01:00 · 2022-11-02 23:19:36 +01:00 · dc12c1bf70
parent 8051f5e454 b686589199
commit dc12c1bf70
9 changed files with 39 additions and 12 deletions
--- a/modules/heimdall/default.nix
+++ b/modules/heimdall/default.nix
@ -1,8 +1,5 @@
 { inputs, ... }:
 {
-  imports = [
-    "${inputs.self}/modules/docker"
-  ];
  virtualisation.oci-containers = {
    backend = "docker";
    containers."heimdall" = {
--- a/modules/pihole/default.nix
+++ b/modules/pihole/default.nix
@ -1,4 +1,4 @@
-{ ... }:
+{ config, inputs, ... }:
 {
  networking = {
    firewall.allowedTCPPorts = [
@ -11,4 +11,26 @@
      67 # DHCP
    ];
  };
+  age.secrets.piholeEnv.file = "${inputs.self}/scrts/pihole_env.age";
+  virtualisation.oci-containers = {
+    containers."pihole" = {
+      image = "pihole/pihole";
+      autoStart = true;
+      environment = {
+        TZ = "Europe/Zurich";
+        ServerIP = "10.7.89.2";
+        DNS1 = "127.0.0.1#5335"; # we're using the local unboud server here
+        RATE_LIMIT = "10000/60";
+      };
+      environmentFiles = [ config.age.secrets.piholeEnv.path ];
+      volumes = [
+        "/var/lib/pihole/etc-pihole:/etc/pihole/"
+        "/var/lib/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/"
+      ];
+      extraOptions = [
+        "--network=host"
+        "--cap-add=NET_ADMIN"
+      ];
+    };
+  };
 }
--- a/modules/plex/default.nix
+++ b/modules/plex/default.nix
@ -1,8 +1,5 @@
 { inputs, config, ... }:
 {
-  imports = [
-    "${inputs.self}/modules/docker"
-  ];
  age.secrets.plexClaim.file = "${inputs.self}/scrts/plex_claim.age";
  networking = {
    firewall.allowedTCPPorts = [
--- a/modules/restic-server-client/default.nix
+++ b/modules/restic-server-client/default.nix
@ -1,4 +1,12 @@
-{ hostname, inputs, custom, pkgs, time, ... }:
+{ hostname
+, inputs
+, custom
+, path ? "/home/${custom.username}"
+, pkgs
+, tag ? "home-dir"
+, time
+, ...
+}:
 {
  imports = [
    "${inputs.self}/modules/telegram-notifications"
@ -24,7 +32,7 @@
    script = ''
      ${pkgs.restic}/bin/restic backup \
        --exclude-file=${inputs.self}/modules/restic/excludes.txt \
-        --tag home-dir /home/${custom.username}
+        --tag ${tag} ${path}

      ${pkgs.restic}/bin/restic forget \
        --tag home-dir \
--- a/modules/rss-bridge/default.nix
+++ b/modules/rss-bridge/default.nix
@ -3,9 +3,6 @@ let
  whitelist = builtins.toFile "whitelist.txt" ''*'';
 in
 {
-  imports = [
-    "${inputs.self}/modules/docker"
-  ];
  virtualisation.oci-containers = {
    backend = "docker";
    containers."rss-brige" = {
--- a/scrts/pihole_env.age
+++ b/scrts/pihole_env.age
--- a/scrts/secrets.nix
+++ b/scrts/secrets.nix
@ -34,5 +34,6 @@ in
 {
  "plex_claim.age".publicKeys = defaultKeys ++ [ plex ];
  "ttrss_env.age".publicKeys = defaultKeys ++ [ ttrss ];
+  "pihole_env.age".publicKeys = defaultKeys ++ [ pihole ];
 }

--- a/systems/pihole/default.nix
+++ b/systems/pihole/default.nix
@ -6,6 +6,8 @@
      inherit hostname inputs;
    })
    (import "${inputs.self}/modules/restic-server-client" {
+      path = "/var/lib/pihole";
+      tag = "pihole";
      time = "05:00"; inherit custom hostname inputs pkgs;
    })
    "${inputs.self}/modules/docker"
--- a/systems/plex/default.nix
+++ b/systems/plex/default.nix
@ -6,8 +6,11 @@
      inherit hostname inputs;
    })
    (import "${inputs.self}/modules/restic-server-client" {
+      path = "/var/lib/plex";
+      tag = "plex";
      time = "03:30"; inherit custom hostname inputs pkgs;
    })
+    "${inputs.self}/modules/docker"
    "${inputs.self}/modules/media-share"
    "${inputs.self}/modules/plex"
  ];