diff --git a/modules/heimdall/default.nix b/modules/heimdall/default.nix
index 2dc3bfb..c48a256 100644
--- a/modules/heimdall/default.nix
+++ b/modules/heimdall/default.nix
@@ -1,8 +1,5 @@
 { inputs, ... }:
 {
- imports = [
- "${inputs.self}/modules/docker"
- ];
 virtualisation.oci-containers = {
 backend = "docker";
 containers."heimdall" = {
diff --git a/modules/pihole/default.nix b/modules/pihole/default.nix
index 63e5b51..b97e7fb 100644
--- a/modules/pihole/default.nix
+++ b/modules/pihole/default.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ config, inputs, ... }:
 {
 networking = {
 firewall.allowedTCPPorts = [
@@ -11,4 +11,26 @@
 67 # DHCP
 ];
 };
+ age.secrets.piholeEnv.file = "${inputs.self}/scrts/pihole_env.age";
+ virtualisation.oci-containers = {
+ containers."pihole" = {
+ image = "pihole/pihole";
+ autoStart = true;
+ environment = {
+ TZ = "Europe/Zurich";
+ ServerIP = "10.7.89.2";
+ DNS1 = "127.0.0.1#5335"; # we're using the local unboud server here
+ RATE_LIMIT = "10000/60";
+ };
+ environmentFiles = [ config.age.secrets.piholeEnv.path ];
+ volumes = [
+ "/var/lib/pihole/etc-pihole:/etc/pihole/"
+ "/var/lib/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/"
+ ];
+ extraOptions = [
+ "--network=host"
+ "--cap-add=NET_ADMIN"
+ ];
+ };
+ };
 }
diff --git a/modules/plex/default.nix b/modules/plex/default.nix
index e3b77a6..4d446d1 100644
--- a/modules/plex/default.nix
+++ b/modules/plex/default.nix
@@ -1,8 +1,5 @@
 { inputs, config, ... }:
 {
- imports = [
- "${inputs.self}/modules/docker"
- ];
 age.secrets.plexClaim.file = "${inputs.self}/scrts/plex_claim.age";
 networking = {
 firewall.allowedTCPPorts = [
diff --git a/modules/restic-server-client/default.nix b/modules/restic-server-client/default.nix
index 531a92a..61d1ca0 100644
--- a/modules/restic-server-client/default.nix
+++ b/modules/restic-server-client/default.nix
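Review bot: In the second modules/pihole hunk, `image = "pihole/pihole"` has no tag or digest, so the container started with `--network=host` and `--cap-add=NET_ADMIN` is whatever `latest` resolves to at pull time. Pin it, e.g. `image = "pihole/pihole:<pinned-version>";` (placeholder value) or an `@sha256:` digest, so that an image update is an explicit, reviewable change. NET_ADMIN in the host network namespace lets the container alter the host's interfaces and firewall rules; if it is only there for the DHCP server (port 67 is opened just above), a comment such as `# host network + NET_ADMIN: needed for DHCP` on `extraOptions` would record why. The block also sets no `backend`, unlike the heimdall and rss-bridge modules in this diff, so it presumably relies on modules/docker to select Docker; that is worth confirming.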
@@ -1,4 +1,12 @@ -{ hostname, inputs, custom, pkgs, time, ... }: +{ hostname +, inputs +, custom +, path ? "/home/${custom.username}" +, pkgs +, tag ? "home-dir" +, time +, ... +}: { imports = [ "${inputs.self}/modules/telegram-notifications" @@ -24,7 +32,7 @@ script = '' ${pkgs.restic}/bin/restic backup \ --exclude-file=${inputs.self}/modules/restic/excludes.txt \ - --tag home-dir /home/${custom.username} + --tag ${tag} ${path} ${pkgs.restic}/bin/restic forget \ --tag home-dir \ diff --git a/modules/rss-bridge/default.nix b/modules/rss-bridge/default.nix index 845ecf4..ece7f56 100644 --- a/modules/rss-bridge/default.nix +++ b/modules/rss-bridge/default.nix @@ -3,9 +3,6 @@ let whitelist = builtins.toFile "whitelist.txt" ''*''; in { - imports = [ - "${inputs.self}/modules/docker" - ]; virtualisation.oci-containers = { backend = "docker"; containers."rss-brige" = { diff --git a/scrts/pihole_env.age b/scrts/pihole_env.age new file mode 100644 index 0000000..d7a4e07 Binary files /dev/null and b/scrts/pihole_env.age differ diff --git a/scrts/secrets.nix b/scrts/secrets.nix index a4c6296..a5d6b87 100644 --- a/scrts/secrets.nix +++ b/scrts/secrets.nix @@ -34,5 +34,6 @@ in { "plex_claim.age".publicKeys = defaultKeys ++ [ plex ]; "ttrss_env.age".publicKeys = defaultKeys ++ [ ttrss ]; + "pihole_env.age".publicKeys = defaultKeys ++ [ pihole ]; } diff --git a/systems/pihole/default.nix b/systems/pihole/default.nix index b14b958..320e0b4 100644 --- a/systems/pihole/default.nix +++ b/systems/pihole/default.nix @@ -6,6 +6,8 @@ inherit hostname inputs; }) (import "${inputs.self}/modules/restic-server-client" { + path = "/var/lib/pihole"; + tag = "pihole"; time = "05:00"; inherit custom hostname inputs pkgs; }) "${inputs.self}/modules/docker" diff --git a/systems/plex/default.nix b/systems/plex/default.nix index 341f969..82268f9 100644 --- a/systems/plex/default.nix +++ b/systems/plex/default.nix 
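Review bot: In the second modules/restic-server-client hunk, the `restic forget` call below the changed line still filters on `--tag home-dir`, while the backup now writes `--tag ${tag}`. For the callers in this diff (systems/pihole with `tag = "pihole"`, systems/plex with `tag = "plex"`), the retention step would then never match their snapshots, which would accumulate in the repository; the line should read `--tag ${tag} \`. Both values are also spliced into the shell script unquoted, so `--tag "${tag}" "${path}"` is safer for a path containing spaces or shell metacharacters. The script continues outside the hunk, so the remaining forget arguments are not visible here.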
@@ -6,8 +6,11 @@ inherit hostname inputs; }) (import "${inputs.self}/modules/restic-server-client" { + path = "/var/lib/plex"; + tag = "plex"; time = "03:30"; inherit custom hostname inputs pkgs; }) + "${inputs.self}/modules/docker" "${inputs.self}/modules/media-share" "${inputs.self}/modules/plex" ];