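{ config, lib, ... }:
# Pi-hole as a rootful podman container: LAN DNS + DHCP, admin UI reverse
# proxied by nginx, and a generated custom.list that maps every nginx
# virtual host to the LAN address of this box.
let
  name = "pihole";
  podman = config.profile.podman;
  pihole = podman.pihole;
  inherit (lib) mkIf strings;

  # Static address of the container on the default podman network (see
  # "--ip" below); nginx proxies straight to it, so the admin UI does not
  # need a published host port for the reverse-proxy path to work.
  ip = "10.88.1.1";

  # Floating tag. Combined with the "io.containers.autoupdate = registry"
  # label below, the running image changes whenever upstream moves the tag
  # and no review happens here; pinning a digest would make that explicit.
  image = "docker.io/pihole/pihole:latest";

  # LAN address the DNS listener is bound to, and the address every
  # custom.list entry resolves to (the nginx reverse proxy lives there too).
  piholeDNSIPBind = "192.168.100.5";

  domain = "${name}.tigor.web.id";
in
{
  config = mkIf (podman.enable && pihole.enable) {
    # TLS-terminating front door for the admin UI; "/" is redirected to
    # /admin because the container serves nothing useful at the root.
    services.nginx.virtualHosts.${domain} = {
      useACMEHost = "tigor.web.id";
      forceSSL = true;
      locations = {
        "= /" = {
          return = "301 /admin";
        };
        "/" = {
          proxyPass = "http://${ip}:80";
        };
      };
    };

    security.acme.certs."tigor.web.id".extraDomainNames = [ domain ];

    # Decrypted env file handed to the container (see environmentFiles).
    sops.secrets."pihole/env" = {
      sopsFile = ../../secrets/pihole.yaml;
    };

    networking.nameservers = [ piholeDNSIPBind ];

    # custom.list is bind-mounted into the container, which does not pick up
    # the regenerated file on its own, so the easiest way to refresh the DNS
    # entries is to restart the container. Triggering on the generated file
    # itself restarts podman-pihole exactly when its content changes — the
    # list is built from services.nginx.virtualHosts, so watching the caddy
    # hosts (as before) never fired for nginx changes.
    systemd.services."podman-${name}".restartTriggers = [
      config.environment.etc."pihole/custom.list".source
    ];

    environment.etc."pihole/custom.list" = {
      # A non-symlink mode makes NixOS copy the file into /etc, which is
      # what the bind mount below needs.
      mode = "0444";

      # Generates a pihole custom.list with one line per nginx virtual host:
      #
      #   192.168.100.5 {domain_name_1}
      #   192.168.100.5 {domain_name_2}
      #
      # so LAN clients using Pi-hole resolve the proxied names locally
      # instead of forwarding them upstream. The vpn entry is not an nginx
      # host and is kept explicitly.
      text =
        let
          hostNames = builtins.attrNames config.services.nginx.virtualHosts;
          # nginx virtualHosts keys are bare host names; the prefix strip is
          # kept so a key written as a URL still yields a plain name.
          entry = host: "${piholeDNSIPBind} ${strings.removePrefix "https://" host}";
        in
        ''
          ${piholeDNSIPBind} vpn.tigor.web.id
          ${strings.concatStringsSep "\n" (map entry hostNames)}
        '';
    };

    virtualisation.oci-containers.containers.${name} = {
      inherit image;
      hostname = name;

      environment = {
        TZ = "Asia/Jakarta";
        # Upstream resolver Pi-hole forwards to.
        PIHOLE_DNS_ = "192.168.100.3";
        DHCP_ACTIVE = "true";
        DHCP_START = "192.168.100.20";
        DHCP_END = "192.168.100.254";
        DHCP_ROUTER = "192.168.100.1";
        # Both "false": reverse lookups for private ranges and single-label
        # names are forwarded to PIHOLE_DNS_ instead of being answered
        # locally. Presumably deliberate for this LAN; note the upstream
        # resolver then sees internal names and addresses.
        DNS_BOGUS_PRIV = "false";
        DNS_FQDN_REQUIRED = "false";
      };

      ports = [
        # DNS, bound to the LAN address only. UDP alone is published, so a
        # client retrying over TCP after a truncated answer does not reach
        # Pi-hole unless a matching "${piholeDNSIPBind}:53:53/tcp" is added.
        "${piholeDNSIPBind}:53:53/udp"
        # DHCP server, published on every host interface (no bind address).
        "67:67/udp"
        # Plain-HTTP admin UI on every host interface. nginx already reaches
        # the UI via ${ip}:80 and forces TLS, so this mapping is a second,
        # unencrypted path for anyone on the LAN; bind it to 127.0.0.1 or
        # drop it if only the nginx path is needed.
        "2000:80/tcp"
      ];

      volumes = [
        "pihole-etc:/etc/pihole"
        "pihole-dnsmasq:/etc/dnsmasq.d"
        # The generated list from environment.etc above.
        "/etc/pihole/custom.list:/etc/pihole/custom.list"
      ];

      # Runtime secrets (decrypted by sops at activation) are kept out of the
      # Nix store by passing the file path rather than inlining values.
      environmentFiles = [ config.sops.secrets."pihole/env".path ];

      extraOptions = [
        "--ip=${ip}"
        "--network=podman"
        # Capabilities beyond the podman default set. NET_ADMIN and NET_RAW
        # are what a DHCP server in a container needs for raw sockets;
        # NET_BIND_SERVICE for ports 53/67; SYS_NICE and CHOWN are what the
        # image's entrypoint asks for — TODO confirm each is still required
        # after image updates.
        "--cap-add=NET_ADMIN"
        "--cap-add=NET_BIND_SERVICE"
        "--cap-add=NET_RAW"
        "--cap-add=SYS_NICE"
        "--cap-add=CHOWN"
      ];

      labels = {
        # Auto-pull whenever the registry tag moves; see the note on `image`.
        "io.containers.autoupdate" = "registry";
      };
    };
  };
}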