From 05565f54652e5f3f8ae65457accc5c5e6d4cc794 Mon Sep 17 00:00:00 2001 From: maix0 Date: Wed, 4 Dec 2024 22:58:32 +0100 Subject: [PATCH] update: --- examples/example-system.flake.nix | 142 ++++++++++++++------------- modules/pihole-container.factory.nix | 2 +- 2 files changed, 74 insertions(+), 70 deletions(-) diff --git a/examples/example-system.flake.nix b/examples/example-system.flake.nix index 43ce573..3934c71 100644 --- a/examples/example-system.flake.nix +++ b/examples/example-system.flake.nix 
@@ -27,79 +27,83 @@ }; }; - outputs = { self, nixpkgs, linger, pihole, ... }: - let - system = "x86_64-linux"; - # use x86_64 packages from nixpkgs - pkgs = nixpkgs.legacyPackages.${system}; + outputs = { + self, + nixpkgs, + linger, + pihole, + ... + }: let + system = "x86_64-linux"; + # use x86_64 packages from nixpkgs + pkgs = nixpkgs.legacyPackages.${system}; + in { + nixosConfigurations."nixos-example-system" = nixpkgs.lib.nixosSystem { + # nixosSystem needs to know the system architecture + inherit system; + modules = [ + # a small module for enabling nix flakes + ({...}: { + nix = { + packge = pkgs.nixFlakes; + extraOptions = "experimental-features = nix-command flake"; - in { - nixosConfigurations."nixos-example-system" = nixpkgs.lib.nixosSystem { - # nixosSystem needs to know the system architecture - inherit system; - modules = [ - # a small module for enabling nix flakes - { ... }: { - nix = { - packge = pkgs.nixFlakes; - extraOptions = "experimental-features = nix-command flake"; + # Opinionated: use system flake's (locked) `nixpkgs` as default `nixpkgs` for flake commands + # see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html + registry.nixpkgs.flake = nixpkgs; + }; + }) - # Opinionated: use system flake's (locked) `nixpkgs` as default `nixpkgs` for flake commands - # see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html - registry.nixpkgs.flake = nixpkgs; + # some existing system & hardware configuration modules; it is assumed that a user named `pihole` is defined here + # and that the user has sub-uids/gids configured (e.g. 
via the `users.users.pihole.subUidRanges/subGidRanges` options) + ./configuration.nix + ./hardware.nix + + # make the module declared by the linger flake available to our config + linger.nixosModules.${system}.default + pihole.nixosModules.${system}.default + + # in another module we can now configure the lingering behaviour (could also be part of ./configuration.nix) + ({...}: { + # required for stable restarts of the Pi-hole container (try to remove it to see the warning from the pihole-flake) + boot.cleanTmpDir = true; + + # the Pi-hole service configuration + services.pihole = { + enable = true; + hostConfig = { + # define the service user for running the rootless Pi-hole container + user = "pihole"; + enableLingeringForUser = true; + + # we want to persist change to the Pi-hole configuration & logs across service restarts + # check the option descriptions for more information + persistVolumes = true; + + # expose DNS & the web interface on unpriviledged ports on all IP addresses of the host + # check the option descriptions for more information + dnsPort = 5335; + webProt = 8080; }; - } - - # some existing system & hardware configuration modules; it is assumed that a user named `pihole` is defined here - # and that the user has sub-uids/gids configured (e.g. via the `users.users.pihole.subUidRanges/subGidRanges` options) - ./configuration.nix - ./hardware.nix - - # make the module declared by the linger flake available to our config - linger.nixosModules.${system}.default - pihole.nixosModules.${system}.default - - # in another module we can now configure the lingering behaviour (could also be part of ./configuration.nix) - { ... 
}: { - # required for stable restarts of the Pi-hole container (try to remove it to see the warning from the pihole-flake) - boot.cleanTmpDir = true; - - # the Pi-hole service configuration - services.pihole = { - enable = true; - hostConfig = { - # define the service user for running the rootless Pi-hole container - user = "pihole"; - enableLingeringForUser = true; - - # we want to persist change to the Pi-hole configuration & logs across service restarts - # check the option descriptions for more information - persistVolumes = true; - - # expose DNS & the web interface on unpriviledged ports on all IP addresses of the host - # check the option descriptions for more information - dnsPort = 5335; - webProt = 8080; - }; - piholeConfig.ftl = { - # assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address - # check the option description & the FTLDNS documentation for more information - LOCAL_IPV4 = "192.168.0.2"; - }; - piholeCOnfig.web = { - virtualHost = "pi.hole"; - password = "password"; - }; + piholeConfig.ftl = { + # assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address + # check the option description & the FTLDNS documentation for more information + LOCAL_IPV4 = "192.168.0.2"; }; - - # we need to open the ports in the firewall to make the service accessible beyond `localhost` - # assuming that Pi-hole is exposed on the host interface `eth0` - networking.firewall.interfaces.eth0 = { - allowedTCPPorts = [ 5335 8080 ]; - allowedUDPPorts = [ 5335 ]; + piholeCOnfig.web = { + virtualHost = "pi.hole"; + password = "password"; }; - } - ]; - }; + }; + + # we need to open the ports in the firewall to make the service accessible beyond `localhost` + # assuming that Pi-hole is exposed on the host interface `eth0` + networking.firewall.interfaces.eth0 = { + allowedTCPPorts = [5335 8080]; + allowedUDPPorts = [5335]; + }; + }) + ]; }; + }; } 
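Review bot: The example still ships a literal admin password, `password = "password";`, under `piholeCOnfig.web`, and the same module opens the web UI on port 8080 on `eth0` for the whole network; anything set in a NixOS configuration ends up in the world-readable `/nix/store`, so copying this example unchanged yields an admin interface reachable from the LAN with a guessable, publicly stored password. I would read the secret from a file outside the store if the module supports that, or at minimum add `# NOTE: this value is written world-readable into /nix/store; use a strong password and prefer a file-based secret` directly above it. Independently, the rewritten lines carry names that look like typos and that the module system will likely reject as undeclared options: `webProt` (presumably `webPort`), `piholeCOnfig` (presumably `piholeConfig`), `nix.packge` (`nix.package`) and `experimental-features = nix-command flake` (the feature is `flakes`). `boot.cleanTmpDir` is deprecated in favour of `boot.tmp.cleanOnBoot` on recent nixpkgs, so whether the "required" comment still holds depends on the pinned revision.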
diff --git a/modules/pihole-container.factory.nix b/modules/pihole-container.factory.nix index 6c54b9b..6cc01e0 100644 --- a/modules/pihole-container.factory.nix +++ b/modules/pihole-container.factory.nix @@ -327,7 +327,7 @@ in rec { config = mkIf cfg.enable { assertions = [ - { assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0; + { assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0 || hostUserCfg.autoSubUidGidRanges; message = '' The host user most have configured subUidRanges & subGidRanges as pihole is running in a rootless podman container. '';
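Review bot: The assertion message below the changed condition still tells the user they `most have configured subUidRanges & subGidRanges`, but the new condition also passes when `hostUserCfg.autoSubUidGidRanges` is set, so someone hitting the assertion is not told about the simpler way to satisfy it (and `most` should read `must`). I would change it to `The host user must have subUidRanges & subGidRanges configured, or autoSubUidGidRanges = true, as pihole runs in a rootless podman container.` In Nix `&&` binds tighter than `||`, so the expression already means `(… && …) || hostUserCfg.autoSubUidGidRanges`; writing those parentheses makes the intent explicit to the next reader. If `hostUserCfg` is taken from `config.users.users`, note that `autoSubUidGidRanges` only exists on nixpkgs revisions that declare that option, so an older pinned nixpkgs would fail evaluation on the attribute access rather than on the assertion. The enclosing `config = mkIf cfg.enable { … }` block continues outside the hunk.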