From 778433b3186840a7c5849fb1d9a75d208f60b1fe Mon Sep 17 00:00:00 2001
From: Nathan
Date: Sat, 17 Jan 2026 10:08:11 -0600
Subject: [PATCH] try networkd again
---
 system/services/containers/pihole/default.nix | 55 +++++++++++++++++++
 .../services/containers/traefik/default.nix | 33 ++++++++++-
 2 files changed, 85 insertions(+), 3 deletions(-)
diff --git a/system/services/containers/pihole/default.nix b/system/services/containers/pihole/default.nix
index 5f6b9c9..781be3c 100644
--- a/system/services/containers/pihole/default.nix
+++ b/system/services/containers/pihole/default.nix
@@ -26,8 +26,55 @@
 ];
 nat.internalInterfaces = [ "ve-pihole" ];
+
+ /*firewall.interfaces."ve-traefik" = {
+ allowedTCPPorts = [ 53 80 ];
+ allowedUDPPorts = [ 53 ];
+ };*/
 };
+ /*services = {
+ pihole-web = {
+ enable = true;
+
+ hostName = "pihole.local";
+
+ ports = [ 80 ];
+ };
+
+ pihole-ftl = {
+ enable = true;
+
+ openFirewallDNS = true;
+ openFirewallWebserver = true;
+
+ lists = [
+ {
+ url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+ }
+ ];
+
+ settings = {
+ dns = {
+ upstreams = [
+#"127.0.0.1#5335"
+ "1.0.0.1"
+ "1.1.1.1"
+ ];
+
+ cnameRecords = [
+ "traefik.local,local.internal.esotericbytes.com"
+ "pihole.local,local.internal.esotericbytes.com"
+ "hass.local,local.internal.esotericbytes.com"
+ ];
+ };
+
+ misc.dnsmasq_lines = [ "interface=ve-traefik" ];
+ };
+ };
+ };*/
+
+
 containers.pihole = {
 autoStart = true;
@@ -130,8 +177,16 @@
 systemd.services.pihole-ftl-setup.preStart = ''
 while [[ ! ''$(ip l | grep eth0 | grep UP) ]]; do sleep 1; done;
 '';
+
+ systemd.network = {
+ enable = true;
+ networks."eth0@if24" = {
+ linkConfig.requiredForOnline = "yes";
+ };
+ };
 networking = {
+ useHostResolvConf = false;
 firewall.allowedTCPPorts = [ 5335 ];
 firewall.allowedUDPPorts = [ 5335 ];
 };
diff --git a/system/services/containers/traefik/default.nix b/system/services/containers/traefik/default.nix
index b130ac5..ce1de8f 100644
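Review bot: Every line added by the `@@ -26,8 +26,55 @@` hunk of pihole/default.nix sits inside `/* … */`, so the commit carries about fifty lines of firewall and Pi-hole settings that are never evaluated; the `tcp`/`udp` block in the second traefik hunk is the same pattern. Someone auditing which ports this host opens has to notice that `openFirewallDNS`, `openFirewallWebserver` and the `ve-traefik` rule are inert, and un-commenting the block later would switch all of them on at once. Drop the block and rely on history, or keep it with a one-line reason above it, e.g. `# disabled: <why>, kept for reference`.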
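Review bot: In the `@@ -130,8 +177,16 @@` hunk of pihole/default.nix, `networks."eth0@if24"` sets no `matchConfig`, and the attribute name only names the generated `.network` file, so as far as the hunk shows the unit is not tied to `eth0`; systemd-networkd treats a file without a usable `[Match]` section as matching every interface. `eth0@if24` is also just how `ip link` prints a veth end, where `24` is the peer's interface index and may differ after the next container start. systemd spells the key `RequiredForOnline`, and NixOS's unit-option checks are, as far as I know, case-sensitive, so `requiredForOnline` is likely rejected or ignored. Something like `networks."10-eth0" = { matchConfig.Name = "eth0"; linkConfig.RequiredForOnline = "yes"; };` states the intent explicitly. The enclosing container `config` block starts and ends outside the hunk.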
--- a/system/services/containers/traefik/default.nix
+++ b/system/services/containers/traefik/default.nix
@@ -87,6 +87,9 @@
 };
 };
 };
+ dns = {
+ address = ":53";
+ };
 };
 log = {
 level = "INFO";
@@ -235,16 +238,40 @@
 servers = [ { url = "http://192.168.100.23:80"; } ];
 };
- homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ];
+ homeassistant.loadBalancer.servers = [ { url = "http://192.168.100.25:8123"; } ];
 n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
 };
 };
+
+ /*tcp = {
+ routers = {
+ pihole = {
+ entryPoints = [ "dns" ];
+ };
+ };
+
+ services = {
+ pihole.loadBalancer.servers = [ { url = "tcp://192.168.100.28:53"; } ];
+ };
+ };
+
+ udp = {
+ routers = {
+ pihole = {
+ entryPoints = [ "dns" ];
+ };
+ };
+
+ services = {
+ pihole.loadBalancer.servers = [ { url = "udp://192.168.100.28:53"; } ];
+ };
+ };*/
 };
 };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 53 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 53 ];
 system.stateVersion = "24.05";
 };
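Review bot: The new `dns` entry point in the `@@ -87,6 +87,9 @@` hunk (`address = ":53"`) listens on TCP only and on every address; Traefik makes an entry point UDP only when the address ends in `/udp`, so the `udp` router drafted in the later hunk could not bind to it. No TCP or UDP router for it is active in this commit, and any HTTP router that does not set `entryPoints` would, by Traefik's default, also be served on this port. Hold the entry point back until the DNS routers exist, or split and pin it: `dns-tcp.address = "<lan-ip>:53";` and `dns-udp.address = "<lan-ip>:53/udp";`. The enclosing attribute set starts and ends outside the hunk.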
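Review bot: In the `@@ -235,16 +238,40 @@` hunk, `allowedTCPPorts` and `allowedUDPPorts` now admit port 53 on every interface while the DNS routers above them are still commented out, so the port is opened before anything is meant to answer on it; on a host with an interface facing an untrusted network this is the usual way an open resolver appears. Scope the rule to the interface that needs it, e.g. `networking.firewall.interfaces."<lan-if>".allowedUDPPorts = [ 53 ];`, and add it in the commit that enables the routers. When the drafted block is revived, Traefik TCP and UDP servers take `address = "192.168.100.28:53"` rather than `url = "tcp://…"`, and a TCP router also needs a `rule` (a catch-all `HostSNI` for plain TCP) and a `service`.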