This commit is contained in:
maix0 2024-12-04 22:58:32 +01:00
parent 1a4c1f182d
commit 05565f5465
2 changed files with 74 additions and 70 deletions


@ -27,79 +27,83 @@
};
};
outputs = { self, nixpkgs, linger, pihole, ... }:
let
system = "x86_64-linux";
# use x86_64 packages from nixpkgs
pkgs = nixpkgs.legacyPackages.${system};
outputs = {
self,
nixpkgs,
linger,
pihole,
...
}: let
system = "x86_64-linux";
# use x86_64 packages from nixpkgs
pkgs = nixpkgs.legacyPackages.${system};
in {
nixosConfigurations."nixos-example-system" = nixpkgs.lib.nixosSystem {
# nixosSystem needs to know the system architecture
inherit system;
modules = [
# a small module for enabling nix flakes
({...}: {
nix = {
packge = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flake";
in {
nixosConfigurations."nixos-example-system" = nixpkgs.lib.nixosSystem {
# nixosSystem needs to know the system architecture
inherit system;
modules = [
# a small module for enabling nix flakes
{ ... }: {
nix = {
packge = pkgs.nixFlakes;
extraOptions = "experimental-features = nix-command flake";
# Opinionated: use system flake's (locked) `nixpkgs` as default `nixpkgs` for flake commands
# see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
registry.nixpkgs.flake = nixpkgs;
};
})
# Opinionated: use system flake's (locked) `nixpkgs` as default `nixpkgs` for flake commands
# see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
registry.nixpkgs.flake = nixpkgs;
# some existing system & hardware configuration modules; it is assumed that a user named `pihole` is defined here
# and that the user has sub-uids/gids configured (e.g. via the `users.users.pihole.subUidRanges/subGidRanges` options)
./configuration.nix
./hardware.nix
# make the module declared by the linger flake available to our config
linger.nixosModules.${system}.default
pihole.nixosModules.${system}.default
# in another module we can now configure the lingering behaviour (could also be part of ./configuration.nix)
({...}: {
# required for stable restarts of the Pi-hole container (try to remove it to see the warning from the pihole-flake)
boot.cleanTmpDir = true;
# the Pi-hole service configuration
services.pihole = {
enable = true;
hostConfig = {
# define the service user for running the rootless Pi-hole container
user = "pihole";
enableLingeringForUser = true;
# we want to persist change to the Pi-hole configuration & logs across service restarts
# check the option descriptions for more information
persistVolumes = true;
# expose DNS & the web interface on unpriviledged ports on all IP addresses of the host
# check the option descriptions for more information
dnsPort = 5335;
webProt = 8080;
};
}
# some existing system & hardware configuration modules; it is assumed that a user named `pihole` is defined here
# and that the user has sub-uids/gids configured (e.g. via the `users.users.pihole.subUidRanges/subGidRanges` options)
./configuration.nix
./hardware.nix
# make the module declared by the linger flake available to our config
linger.nixosModules.${system}.default
pihole.nixosModules.${system}.default
# in another module we can now configure the lingering behaviour (could also be part of ./configuration.nix)
{ ... }: {
# required for stable restarts of the Pi-hole container (try to remove it to see the warning from the pihole-flake)
boot.cleanTmpDir = true;
# the Pi-hole service configuration
services.pihole = {
enable = true;
hostConfig = {
# define the service user for running the rootless Pi-hole container
user = "pihole";
enableLingeringForUser = true;
# we want to persist change to the Pi-hole configuration & logs across service restarts
# check the option descriptions for more information
persistVolumes = true;
# expose DNS & the web interface on unpriviledged ports on all IP addresses of the host
# check the option descriptions for more information
dnsPort = 5335;
webProt = 8080;
};
piholeConfig.ftl = {
# assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address
# check the option description & the FTLDNS documentation for more information
LOCAL_IPV4 = "192.168.0.2";
};
piholeCOnfig.web = {
virtualHost = "pi.hole";
password = "password";
};
piholeConfig.ftl = {
# assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address
# check the option description & the FTLDNS documentation for more information
LOCAL_IPV4 = "192.168.0.2";
};
# we need to open the ports in the firewall to make the service accessible beyond `localhost`
# assuming that Pi-hole is exposed on the host interface `eth0`
networking.firewall.interfaces.eth0 = {
allowedTCPPorts = [ 5335 8080 ];
allowedUDPPorts = [ 5335 ];
piholeCOnfig.web = {
virtualHost = "pi.hole";
password = "password";
};
}
];
};
};
# we need to open the ports in the firewall to make the service accessible beyond `localhost`
# assuming that Pi-hole is exposed on the host interface `eth0`
networking.firewall.interfaces.eth0 = {
allowedTCPPorts = [5335 8080];
allowedUDPPorts = [5335];
};
})
];
};
};
}
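Review bot: The module functions at L43 and L90 are written as `{ ... }: {` … `}` directly inside the `modules = [ … ]` list, but Nix only accepts a lambda as a list element when it is parenthesised, as the `({...}: {` … `})` form on the other side of this hunk is; the rendered page does not make clear which side is new, so please verify that the committed example keeps the parentheses, otherwise it no longer parses. Independently of the reformat, the example carries typos that the evaluator will reject or silently ignore and that both sides of the hunk still show: `packge = pkgs.nixFlakes;` should be `package = pkgs.nixFlakes;`, `experimental-features = nix-command flake` should name the feature `flakes`, and `webProt` / `piholeCOnfig.web` are presumably `webPort` / `piholeConfig.web`. Since `password = "password"` is a module option value and such values are likely to end up in the world-readable Nix store, a short comment next to it saying that it is a placeholder and that a real deployment should not put the password in the configuration would help readers of the example.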


@ -327,7 +327,7 @@ in rec {
config = mkIf cfg.enable {
assertions = [
{ assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0;
{ assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0 || hostUserCfg.autoSubUidGidRanges;
message = ''
The host user most have configured subUidRanges & subGidRanges as pihole is running in a rootless podman container.
'';