update:

2024-12-04 22:58:32 +01:00 · 2024-12-04 22:58:32 +01:00 · 05565f5465
commit 05565f5465
parent 1a4c1f182d
2 changed files with 74 additions and 70 deletions
--- a/examples/example-system.flake.nix
+++ b/examples/example-system.flake.nix
@ -27,19 +27,23 @@
    };
  };

-  outputs = { self, nixpkgs, linger, pihole, ... }:
-    let
+  outputs = {
+    self,
+    nixpkgs,
+    linger,
+    pihole,
+    ...
+  }: let
    system = "x86_64-linux";
    # use x86_64 packages from nixpkgs
    pkgs = nixpkgs.legacyPackages.${system};
-
  in {
    nixosConfigurations."nixos-example-system" = nixpkgs.lib.nixosSystem {
      # nixosSystem needs to know the system architecture
      inherit system;
      modules = [
        # a small module for enabling nix flakes
-          { ... }: {
+        ({...}: {
          nix = {
            packge = pkgs.nixFlakes;
            extraOptions = "experimental-features = nix-command flake";
@ -48,7 +52,7 @@
            # see https://dataswamp.org/~solene/2022-07-20-nixos-flakes-command-sync-with-system.html
            registry.nixpkgs.flake = nixpkgs;
          };
-          }
+        })

        # some existing system & hardware configuration modules; it is assumed that a user named `pihole` is defined here
        # and that the user has sub-uids/gids configured (e.g. via the `users.users.pihole.subUidRanges/subGidRanges` options)
@ -60,7 +64,7 @@
        pihole.nixosModules.${system}.default

        # in another module we can now configure the lingering behaviour (could also be part of ./configuration.nix)
-          { ... }: {
+        ({...}: {
          # required for stable restarts of the Pi-hole container (try to remove it to see the warning from the pihole-flake)
          boot.cleanTmpDir = true;

@ -95,10 +99,10 @@
          # we need to open the ports in the firewall to make the service accessible beyond `localhost`
          # assuming that Pi-hole is exposed on the host interface `eth0`
          networking.firewall.interfaces.eth0 = {
-              allowedTCPPorts = [ 5335 8080 ];
-              allowedUDPPorts = [ 5335 ];
+            allowedTCPPorts = [5335 8080];
+            allowedUDPPorts = [5335];
          };
-          }
+        })
      ];
    };
  };
--- a/modules/pihole-container.factory.nix
+++ b/modules/pihole-container.factory.nix
@ -327,7 +327,7 @@ in rec {
  config = mkIf cfg.enable {

    assertions = [
-      { assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0;
+      { assertion = length hostUserCfg.subUidRanges > 0 && length hostUserCfg.subGidRanges > 0 || hostUserCfg.autoSubUidGidRanges;
        message = ''
          The host user most have configured subUidRanges & subGidRanges as pihole is running in a rootless podman container.
        '';