diff --git a/nix/hosts/lemp11/default.nix b/nix/hosts/lemp11/default.nix
index bef11fd..8b72615 100644
--- a/nix/hosts/lemp11/default.nix
+++ b/nix/hosts/lemp11/default.nix
@@ -15,6 +15,7 @@
 gitea.enable = true;
 immich.enable = true;
 jellyfin.enable = true;
+ pihole.enable = true;
 tubearchivist-container.enable = true;
 };
 };
diff --git a/nix/modules/nixos/features/homelab/default.nix b/nix/modules/nixos/features/homelab/default.nix
index ece76f9..7f84898 100644
--- a/nix/modules/nixos/features/homelab/default.nix
+++ b/nix/modules/nixos/features/homelab/default.nix
@@ -3,6 +3,7 @@
 ./gitea.nix
 ./immich.nix
 ./jellyfin.nix
+ ./pi-hole.nix
 ./tubearchivist-container.nix
 ];
 }
diff --git a/nix/modules/nixos/features/homelab/pi-hole.nix b/nix/modules/nixos/features/homelab/pi-hole.nix
new file mode 100644
index 0000000..ac4d11e
--- /dev/null
+++ b/nix/modules/nixos/features/homelab/pi-hole.nix
@@ -0,0 +1,100 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+
+with lib;
+
+{
+ options.features.homelab.pihole.enable = mkEnableOption "Enable pihole";
+
+ config = mkIf config.features.homelab.pihole.enable {
+ virtualisation = {
+ docker = {
+ enable = true;
+ autoPrune.enable = true;
+ };
+
+ oci-containers = {
+ backend = "docker";
+
+ containers."pihole" = {
+ image = "pihole/pihole:latest";
+
+ environment = {
+ "TZ" = "Europe/London";
+ };
+
+ volumes = [
+ "/media/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw"
+ "/media/pihole/etc-pihole:/etc/pihole:rw"
+ ];
+
+ ports = [
+ "53:53/tcp"
+ "53:53/udp"
+ "67:67/udp"
+ "8082:80/tcp"
+ ];
+
+ log-driver = "journald";
+
+ extraOptions = [
+ "--cap-add=NET_ADMIN"
+ "--network-alias=pihole"
+ "--network=pihole_default"
+ ];
+ };
+ };
+ };
+
+ systemd = {
+ services = {
+ "docker-pihole" = {
+ serviceConfig = {
+ Restart = lib.mkOverride 90 "always";
+ RestartMaxDelaySec = lib.mkOverride 90 "1m";
+ RestartSec = lib.mkOverride 90 "100ms";
+ RestartSteps = lib.mkOverride 90 9;
+ };
+
+ after = [ "docker-network-pihole_default.service" ];
+ requires = [ "docker-network-pihole_default.service" ];
+ partOf = [ "docker-compose-pihole-root.target" ];
+ wantedBy = [ "docker-compose-pihole-root.target" ];
+ };
+
+ "docker-network-pihole_default" = {
+ path = [ pkgs.docker ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStop = "docker network rm -f pihole_default";
+ };
+
+ script = ''
+ docker network inspect pihole_default || docker network create pihole_default
+ '';
+
+ partOf = [ "docker-compose-pihole-root.target" ];
+ wantedBy = [ "docker-compose-pihole-root.target" ];
+ };
+ };
+
+ targets."docker-compose-pihole-root" = {
+ unitConfig = {
+ Description = "Root target generated by compose2nix.";
+ };
+
+ wantedBy = [ "multi-user.target" ];
+ };
+ };
+
+ services.nginx.virtualHosts."pihole.localhost" = {
+ locations."/".proxyPass = "http://localhost:8082/";
+ };
+ };
+}
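Review bot: The `"8082:80/tcp"` entry in `ports` publishes the Pi-hole admin interface on every host interface, so it is reachable directly rather than only through the `pihole.localhost` nginx vhost. Docker-published ports are also typically not filtered by the NixOS firewall, because Docker installs its own NAT and forward rules. Binding it to loopback with `"127.0.0.1:8082:80/tcp"` keeps the proxy as the only path, and `53:53/tcp` and `53:53/udp` are likewise better bound to the LAN address if the host is reachable from anywhere else, so it does not act as an open resolver. `image = "pihole/pihole:latest"` is a mutable tag, so a pull can silently change what runs with `NET_ADMIN`; pin a release tag or digest such as `pihole/pihole:<VERSION>@sha256:<DIGEST>` (placeholders). `--cap-add=NET_ADMIN` and `67:67/udp` appear to be needed only for Pi-hole's DHCP server, which probably cannot see client broadcasts on the `pihole_default` bridge anyway, so drop both if DHCP is not used.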