68 lines
1.7 KiB
Nix
68 lines
1.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
name = "pihole";
|
|
podman = config.profile.podman;
|
|
pihole = podman.pihole;
|
|
inherit (lib) mkIf;
|
|
gateway = "10.1.1.1";
|
|
subnet = "10.1.1.0/29";
|
|
ip = "10.1.1.3";
|
|
ip-range = "10.1.1.3/29";
|
|
image = "pihole/pihole:latest";
|
|
in
|
|
{
|
|
config = mkIf (podman.enable && pihole.enable) {
|
|
services.caddy.virtualHosts."pihole.tigor.web.id".extraConfig = ''
|
|
@root path /
|
|
redir @root /admin
|
|
reverse_proxy ${ip}:80
|
|
'';
|
|
|
|
sops.secrets."pihole/env" = {
|
|
sopsFile = ../../secrets/pihole.yaml;
|
|
};
|
|
|
|
|
|
systemd.services.create-kavita-network = {
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
RemainAfterExit = true;
|
|
};
|
|
wantedBy = [ "podman-pihole.service" ];
|
|
script = ''${pkgs.podman}/bin/podman network exists ${name} || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} ${name}'';
|
|
};
|
|
|
|
virtualisation.oci-containers.containers.pihole = {
|
|
inherit image;
|
|
environment = {
|
|
TZ = "Asia/Jakarta";
|
|
PIHOLE_DNS_ = "192.168.100.5";
|
|
DHCP_ACTIVE = "true";
|
|
DHCP_START = "192.168.100.20";
|
|
DHCP_END = "192.168.100.254";
|
|
DHCP_ROUTER = "192.168.100.1";
|
|
};
|
|
ports = [
|
|
"192.168.100.4:53:53/udp"
|
|
"67:67/udp"
|
|
];
|
|
volumes = [
|
|
"pihole-etc:/etc/pihole"
|
|
"pihole-dnsmasq:/etc/dnsmasq.d"
|
|
];
|
|
environmentFiles = [
|
|
config.sops.secrets."pihole/env".path
|
|
];
|
|
extraOptions = [
|
|
"--ip=${ip}"
|
|
"--network=${name}"
|
|
"--cap-add=NET_ADMIN"
|
|
"--cap-add=NET_BIND_SERVICE"
|
|
"--cap-add=NET_RAW"
|
|
"--cap-add=SYS_NICE"
|
|
"--cap-add=CHOWN"
|
|
];
|
|
};
|
|
};
|
|
}
|