From 5b67a48d80951fa6d234f76db80cf03505479417 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Mon, 21 Apr 2025 12:36:43 +0100 Subject: [PATCH] Migrate Pi-hole from Docker to Podman --- hosts/nixedo/configuration.nix | 2 +- hosts/nixedo/modules/containers/pi-hole.nix | 101 +++++--------------- modules/mixins/podman.nix | 16 ++++ 3 files changed, 42 insertions(+), 77 deletions(-) create mode 100644 modules/mixins/podman.nix diff --git a/hosts/nixedo/configuration.nix b/hosts/nixedo/configuration.nix index ed39e6f2..b081f823 100644 --- a/hosts/nixedo/configuration.nix +++ b/hosts/nixedo/configuration.nix @@ -10,9 +10,9 @@ ./secrets.nix mixins-common - mixins-docker mixins-fzf mixins-openssh + mixins-podman mixins-starship mixins-zsh diff --git a/hosts/nixedo/modules/containers/pi-hole.nix b/hosts/nixedo/modules/containers/pi-hole.nix index 9e125af7..9923d87d 100644 --- a/hosts/nixedo/modules/containers/pi-hole.nix +++ b/hosts/nixedo/modules/containers/pi-hole.nix 
@@ -1,90 +1,39 @@ -{ pkgs, lib, ... }: +{ lib, ... }: let port = 8082; in { - virtualisation = { - docker = { - enable = true; - autoPrune.enable = true; + virtualisation.oci-containers.containers."pihole" = { + image = "pihole/pihole:latest"; + + environment = { + PIHOLE_DNS_1 = "8.8.8.8"; + PIHOLE_DNS_2 = "8.8.4.4"; + TZ = "Europe/London"; }; - oci-containers = { - backend = "docker"; + volumes = [ + "/home/opdavies/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw" + "/home/opdavies/pihole/etc-pihole:/etc/pihole:rw" + ]; - containers."pihole" = { - image = "pihole/pihole:latest"; + ports = [ + "53:53/tcp" + "53:53/udp" + "67:67/udp" + "${toString port}:80/tcp" + ]; - environment = { - "PIHOLE_DNS_1" = "8.8.8.8"; - "PIHOLE_DNS_2" = "8.8.4.4"; - "TZ" = "Europe/London"; - }; + log-driver = "journald"; - volumes = [ - "/home/opdavies/pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw" - "/home/opdavies/pihole/etc-pihole:/etc/pihole:rw" - ]; - - ports = [ - "53:53/tcp" - "53:53/udp" - "67:67/udp" - "${toString port}:80/tcp" - ]; - - log-driver = "journald"; - - extraOptions = [ - "--cap-add=NET_ADMIN" - "--network-alias=pihole" - "--network=pihole_default" - ]; - }; - }; + extraOptions = [ + "--cap-add=NET_ADMIN" + ]; }; - systemd = { - services = { - "docker-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - RestartMaxDelaySec = lib.mkOverride 90 "1m"; - RestartSec = lib.mkOverride 90 "100ms"; - RestartSteps = lib.mkOverride 90 9; - }; - - after = [ "docker-network-pihole_default.service" ]; - requires = [ "docker-network-pihole_default.service" ]; - partOf = [ "docker-compose-pihole-root.target" ]; - wantedBy = [ "docker-compose-pihole-root.target" ]; - }; - - "docker-network-pihole_default" = { - path = [ pkgs.docker ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "docker network rm -f pihole_default"; - }; - - script = '' - docker network inspect pihole_default || docker network create pihole_default - ''; - - partOf = [ 
"docker-compose-pihole-root.target" ]; - wantedBy = [ "docker-compose-pihole-root.target" ]; - }; - }; - - targets."docker-compose-pihole-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - - wantedBy = [ "multi-user.target" ]; - }; + systemd.services."podman-pihole".serviceConfig = { + Restart = lib.mkOverride 90 "always"; + RestartSec = lib.mkOverride 90 "1s"; }; } diff --git a/modules/mixins/podman.nix b/modules/mixins/podman.nix new file mode 100644 index 00000000..05c99288 --- /dev/null +++ b/modules/mixins/podman.nix @@ -0,0 +1,16 @@ +{ + virtualisation = { + oci-containers.backend = "podman"; + + podman = { + enable = true; + + autoPrune = { + enable = true; + dates = "weekly"; + }; + }; + }; + + users.users.opdavies.extraGroups = [ "podman" ]; +}
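Review bot: The `image = "pihole/pihole:latest";` line in the new `virtualisation.oci-containers.containers."pihole"` block is both unqualified and floating, and that matters more after the move to Podman. Docker resolves a short name against Docker Hub, whereas Podman resolves it through the host's unqualified-search registry list, which is not visible in this patch. This container is granted `--cap-add=NET_ADMIN` and publishes the DNS and DHCP ports, so its image should come from a fixed source. I would write `image = "docker.io/pihole/pihole:<PINNED_TAG>";` (placeholder tag, or an `@sha256:` digest), so that neither a registry change nor an upstream major release arrives without a reviewed commit.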
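Review bot: `users.users.opdavies.extraGroups = [ "podman" ];` at the end of the new `modules/mixins/podman.nix` grants more than this migration appears to need. The `podman-pihole` unit configured in `pi-hole.nix` is a system service and should not depend on that user's group membership. On NixOS the `podman` group is, as far as I can tell, what gates access to the rootful Podman API socket, which would make membership effectively root-equivalent on the host. If nothing relies on that socket I would drop the line; if it stays, document it with something like `# podman group = access to the rootful Podman socket (root-equivalent)`. It may also belong in the host configuration rather than the shared mixin, since it hard-codes one account for every host that imports it.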