From ef5bff796eba42c748278261b7a79925f421ed0c Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 30 Jul 2025 22:25:16 -0500 Subject: [PATCH] pihole wip --- .../containers/homeassistant/default.nix | 3 +- .../services/containers/pihole/default.nix | 33 +++++ .../containers/pihole/docker-compose.nix | 125 ------------------ 3 files changed, 35 insertions(+), 126 deletions(-) delete mode 100644 system-config/services/containers/pihole/docker-compose.nix diff --git a/system-config/services/containers/homeassistant/default.nix b/system-config/services/containers/homeassistant/default.nix index a4b2ab7..743a0b2 100644 --- a/system-config/services/containers/homeassistant/default.nix +++ b/system-config/services/containers/homeassistant/default.nix @@ -29,13 +29,14 @@ extraComponents = [ "wyoming" + "ollama" ]; config = { homeassistant.unit_system = "us_customary"; }; - #configWritable = true; + configWritable = true; }; diff --git a/system-config/services/containers/pihole/default.nix b/system-config/services/containers/pihole/default.nix index ba2b7c7..b57aeea 100644 --- a/system-config/services/containers/pihole/default.nix +++ b/system-config/services/containers/pihole/default.nix @@ -19,6 +19,39 @@ path = "/ssd1/Pihole/.env"; }; + + containers.pihole = { + + autoStart = true; + privateNetwork = true; + hostAddress = "192.168.100.10"; + localAddress = "192.168.100.28"; + + config = { + networking.firewall.allowedTCPPorts = [ 80 ]; + + services = { + pihole-web = { + enable = true; + + ports = [ "80r" ]; + }; + + pihole-ftl = { + enable = true; + + openFirewallDNS = true; + }; + + unbound = { + enable = true; + }; + }; + + system.stateVersion = "24.05"; + }; + }; + }; } diff --git a/system-config/services/containers/pihole/docker-compose.nix b/system-config/services/containers/pihole/docker-compose.nix deleted file mode 100644 index d06c6fd..0000000 --- a/system-config/services/containers/pihole/docker-compose.nix +++ /dev/null 
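Review bot: Uncommenting `configWritable = true;` at the end of the homeassistant hunk makes configuration.yaml editable from the Home Assistant web interface, so the running configuration can differ from what this file declares. Assuming this is the `services.home-assistant` block (it opens above the hunk), anyone with admin access to the UI can change settings outside of review, and the module regenerates the file at service start, so those edits are lost without warning. If it is only needed while bringing up the new `ollama` component, leave it off by default or record the reason inline, e.g. `configWritable = true; # temporary: UI edits are overwritten at service start`.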
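Review bot: `unbound = { enable = true; };` in the new `containers.pihole` block has no settings, so by the module defaults it would presumably listen on loopback port 53 in the same container where `pihole-ftl` serves DNS, and nothing in the hunk points FTL at it. The deleted compose file wired this explicitly (`PIHOLE_DNS` pointing at `#5335`), so the port and upstream should be carried over, e.g. `unbound.settings.server.port = 5335;` and `pihole-ftl.settings.dns.upstreams = [ "127.0.0.1#5335" ];` (option names to be checked against the nixpkgs release in use). The env file at `/ssd1/Pihole/.env` referenced just above, presumably holding the web password, is not bound into the container, so confirm that the admin UI opened on TCP 80 is not left without a password. The enclosing `config` attribute set starts above the hunk.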
@@ -1,125 +0,0 @@ -# Auto-generated using compose2nix v0.3.2-pre. -{ config, pkgs, lib, ... }: - -{ - config = lib.mkIf config.sysconfig.opts.virtualization.pihole.enable { -# Runtime - virtualisation.podman = { - enable = true; - autoPrune.enable = true; - dockerCompat = true; - defaultNetwork.settings = { -# Required for container networking to be able to use names. - dns_enabled = true; - }; - }; - -# Enable container name DNS for non-default Podman networks. -# https://github.com/NixOS/nixpkgs/issues/226365 - networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ]; - - virtualisation.oci-containers.backend = "podman"; - -# Containers - virtualisation.oci-containers.containers."pihole" = { - image = "pihole/pihole:latest"; - environment = { - "PIHOLE_DNS" = "'192.169.101.2#5335'"; - "TZ" = "'America/Chicago'"; - }; - environmentFiles = [ - "/ssd1/Pihole/.env" - ]; - volumes = [ - "/ssd1/Pihole/etc-dnsmasq.d:/etc/dnsmasq.d:rw" - "/ssd1/Pihole/etc-pihole:/etc/pihole:rw" - ]; - ports = [ - "53:53/tcp" - "53:53/udp" - "8080:80/tcp" - ]; - log-driver = "journald"; - extraOptions = [ - "--ip=192.169.101.1" - "--network-alias=pihole" - "--network=pihole_dns_net" - ]; - }; - systemd.services."podman-pihole" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - }; - after = [ - "podman-network-pihole_dns_net.service" - ]; - requires = [ - "podman-network-pihole_dns_net.service" - ]; - partOf = [ - "podman-compose-pihole-root.target" - ]; - wantedBy = [ - "podman-compose-pihole-root.target" - ]; - }; - virtualisation.oci-containers.containers."unbound" = { - image = "mvance/unbound:latest"; - volumes = [ - "/ssd1/Pihole/unbound:/opt/unbound/etc/unbound:rw" - ]; - ports = [ - "5335:53/tcp" - "5335:53/udp" - ]; - log-driver = "journald"; - extraOptions = [ - "--ip=192.169.101.2" - "--network-alias=unbound" - "--network=pihole_dns_net" - ]; - }; - systemd.services."podman-unbound" = { - serviceConfig = { - Restart = lib.mkOverride 90 "always"; - }; - 
after = [ - "podman-network-pihole_dns_net.service" - ]; - requires = [ - "podman-network-pihole_dns_net.service" - ]; - partOf = [ - "podman-compose-pihole-root.target" - ]; - wantedBy = [ - "podman-compose-pihole-root.target" - ]; - }; - -# Networks - systemd.services."podman-network-pihole_dns_net" = { - path = [ pkgs.podman ]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStop = "podman network rm -f pihole_dns_net"; - }; - script = '' - podman network inspect pihole_dns_net || podman network create pihole_dns_net --driver=bridge --subnet=192.169.0.0/16 - ''; - partOf = [ "podman-compose-pihole-root.target" ]; - wantedBy = [ "podman-compose-pihole-root.target" ]; - }; - -# Root service -# When started, this will automatically create all resources and start -# the containers. When stopped, this will teardown all resources. - systemd.targets."podman-compose-pihole-root" = { - unitConfig = { - Description = "Root target generated by compose2nix."; - }; - wantedBy = [ "multi-user.target" ]; - }; - }; -}