43 lines
1.1 KiB
Nix
43 lines
1.1 KiB
Nix
{ custom }: { config, ... }:
|
|
let
|
|
service-name = "${config.virtualisation.oci-containers.backend}-pihole";
|
|
in
|
|
{
|
|
networking = {
|
|
firewall.allowedTCPPorts = [
|
|
53 # DNS
|
|
67 # DHCP
|
|
80 # Web Interface
|
|
];
|
|
firewall.allowedUDPPorts = [
|
|
53 # DNS
|
|
67 # DHCP
|
|
];
|
|
};
|
|
age.secrets.piholeEnv.file = "${custom.inputs.self}/scrts/pihole_env.age";
|
|
virtualisation.oci-containers = {
|
|
backend = "docker";
|
|
containers."pihole" = {
|
|
image = "pihole/pihole";
|
|
autoStart = true;
|
|
environment = {
|
|
TZ = "Europe/Zurich";
|
|
ServerIP = "10.7.89.2";
|
|
DNS1 = "127.0.0.1#5335"; # we're using the local unboud server here
|
|
RATE_LIMIT = "10000/60";
|
|
};
|
|
environmentFiles = [ config.age.secrets.piholeEnv.path ];
|
|
volumes = [
|
|
"/var/lib/pihole/etc-pihole:/etc/pihole/"
|
|
"/var/lib/pihole/etc-dnsmasq.d:/etc/dnsmasq.d/"
|
|
"/etc/localtime:/etc/localtime:ro"
|
|
];
|
|
extraOptions = [
|
|
"--network=host"
|
|
"--cap-add=NET_ADMIN"
|
|
];
|
|
};
|
|
};
|
|
systemd.services.${service-name}.after = [ "unbound.service" ];
|
|
}
|