nix-config/modules/nixos/homelab/containers/pi-hole.nix

{
  config,
  pkgs,
  lib,
  ...
}:

with lib;

let
  port = 8082;
in
{
  options.nixosModules.pihole.enable = mkEnableOption "Enable pihole";

  config = mkIf config.nixosModules.pihole.enable {
    virtualisation = {
      docker = {
        enable = true;
        autoPrune.enable = true;
      };

      oci-containers = {
        backend = "docker";

        containers."pihole" = {
          image = "pihole/pihole:latest";

          environment = {
            "PIHOLE_DNS_1" = "8.8.8.8";
            "PIHOLE_DNS_2" = "8.8.4.4";
            "TZ" = "Europe/London";
          };

          volumes = [
            "/home/opdavies/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw"
            "/home/opdavies/pihole/etc-pihole:/etc/pihole:rw"
          ];

          ports = [
            "53:53/tcp"
            "53:53/udp"
            "67:67/udp"
            "${toString port}:80/tcp"
          ];

          log-driver = "journald";

          extraOptions = [
            "--cap-add=NET_ADMIN"
            "--network-alias=pihole"
            "--network=pihole_default"
          ];
        };
      };
    };

    systemd = {
      services = {
        "docker-pihole" = {
          serviceConfig = {
            Restart = lib.mkOverride 90 "always";
            RestartMaxDelaySec = lib.mkOverride 90 "1m";
            RestartSec = lib.mkOverride 90 "100ms";
            RestartSteps = lib.mkOverride 90 9;
          };

          after = [ "docker-network-pihole_default.service" ];
          requires = [ "docker-network-pihole_default.service" ];
          partOf = [ "docker-compose-pihole-root.target" ];
          wantedBy = [ "docker-compose-pihole-root.target" ];
        };

        "docker-network-pihole_default" = {
          path = [ pkgs.docker ];

          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = true;
            ExecStop = "docker network rm -f pihole_default";
          };

          script = ''
            docker network inspect pihole_default || docker network create pihole_default
          '';

          partOf = [ "docker-compose-pihole-root.target" ];
          wantedBy = [ "docker-compose-pihole-root.target" ];
        };
      };

      targets."docker-compose-pihole-root" = {
        unitConfig = {
          Description = "Root target generated by compose2nix.";
        };

        wantedBy = [ "multi-user.target" ];
      };
    };
  };
}
Add pi-hole 2024-12-11 21:58:48 +00:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`...`
			`}:`

			`with lib;`

Refactor local Nginx virtual hosts and update ...local hostnames 2024-12-15 23:13:11 +00:00			`let`
			`port = 8082;`
			`in`
Add pi-hole 2024-12-11 21:58:48 +00:00			`{`
Use nixosModules and homeManagerModules for config 2025-03-05 15:09:06 +00:00			`options.nixosModules.pihole.enable = mkEnableOption "Enable pihole";`
Add pi-hole 2024-12-11 21:58:48 +00:00
Use nixosModules and homeManagerModules for config 2025-03-05 15:09:06 +00:00			`config = mkIf config.nixosModules.pihole.enable {`
Add pi-hole 2024-12-11 21:58:48 +00:00			`virtualisation = {`
			`docker = {`
			`enable = true;`
			`autoPrune.enable = true;`
			`};`

			`oci-containers = {`
			`backend = "docker";`

			`containers."pihole" = {`
			`image = "pihole/pihole:latest";`

			`environment = {`
Group containers into their own directory 2025-01-17 21:23:01 +00:00			`"PIHOLE_DNS_1" = "8.8.8.8";`
			`"PIHOLE_DNS_2" = "8.8.4.4";`
Add pi-hole 2024-12-11 21:58:48 +00:00			`"TZ" = "Europe/London";`
			`};`

			`volumes = [`
Change the pihole mount directories Whilst doing this to /mnt/media, the adlist was showing as -2 and saying that DNS resolution was not possible. This was preventing any ads from being blocked. Moving this to a local directory seems to fix the issue and I'll investigate further at a later date. 2024-12-30 10:33:03 +00:00			`"/home/opdavies/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw"`
			`"/home/opdavies/pihole/etc-pihole:/etc/pihole:rw"`
Add pi-hole 2024-12-11 21:58:48 +00:00			`];`

			`ports = [`
			`"53:53/tcp"`
			`"53:53/udp"`
			`"67:67/udp"`
Refactor local Nginx virtual hosts and update ...local hostnames 2024-12-15 23:13:11 +00:00			`"${toString port}:80/tcp"`
Add pi-hole 2024-12-11 21:58:48 +00:00			`];`

			`log-driver = "journald";`

			`extraOptions = [`
			`"--cap-add=NET_ADMIN"`
			`"--network-alias=pihole"`
			`"--network=pihole_default"`
			`];`
			`};`
			`};`
			`};`

			`systemd = {`
			`services = {`
			`"docker-pihole" = {`
			`serviceConfig = {`
			`Restart = lib.mkOverride 90 "always";`
			`RestartMaxDelaySec = lib.mkOverride 90 "1m";`
			`RestartSec = lib.mkOverride 90 "100ms";`
			`RestartSteps = lib.mkOverride 90 9;`
			`};`

			`after = [ "docker-network-pihole_default.service" ];`
			`requires = [ "docker-network-pihole_default.service" ];`
			`partOf = [ "docker-compose-pihole-root.target" ];`
			`wantedBy = [ "docker-compose-pihole-root.target" ];`
			`};`

			`"docker-network-pihole_default" = {`
			`path = [ pkgs.docker ];`

			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = true;`
			`ExecStop = "docker network rm -f pihole_default";`
			`};`

			`script = ''`
			`docker network inspect pihole_default \|\| docker network create pihole_default`
			`'';`

			`partOf = [ "docker-compose-pihole-root.target" ];`
			`wantedBy = [ "docker-compose-pihole-root.target" ];`
			`};`
			`};`

			`targets."docker-compose-pihole-root" = {`
			`unitConfig = {`
			`Description = "Root target generated by compose2nix.";`
			`};`

			`wantedBy = [ "multi-user.target" ];`
			`};`
			`};`
			`};`
			`}`