# NixOS module: optional Pi-hole (FTL + web UI) in a declarative NixOS
# container on a private veth network, with an unbound instance bound to
# loopback inside the same container.
{ config, lib, inputs, ... }:

let
  inherit (lib) mkIf mkOption types;

  # Shorthand for this module's own option subtree on the host.
  cfg = config.sysconfig.opts.virtualization.pihole;
in
{
  # Off by default; nothing below is applied unless the host sets this to true.
  options.sysconfig.opts.virtualization.pihole.enable = mkOption {
    type = types.bool;
    default = false;
  };

  config = mkIf cfg.enable {
    # Disabled: sops-nix secret rendered into an env file carrying WEBPASSWORD.
    # NOTE(review): with this block disabled, nothing in this file sets an admin
    # password for the web UI. Confirm how the interface is protected before
    # relying on openFirewallWebserver below.
    /*
      sops.secrets."pihole/pass" = {};
      sops.templates."pihole.env" = {
        content = ''
          WEBPASSWORD=${config.sops.placeholder."pihole/pass"}
        '';
        path = "/ssd1/Pihole/.env";
      };
    */

    containers.pihole = {
      autoStart = true;

      # Own network namespace; the host end of the veth pair is hostAddress and
      # the container end is localAddress. No port forwarding is declared here,
      # so how other machines reach the container is decided elsewhere.
      privateNetwork = true;
      hostAddress = "192.168.100.10";
      localAddress = "192.168.100.28";

      config =
        let
          # Package set from the separate `nixpkgs-us` input.
          # The system is hard-coded to x86_64-linux.
          pkgs-us = import inputs.nixpkgs-us { system = "x86_64-linux"; };

          # Import a service module file from nixpkgs-us by calling it directly
          # with explicit arguments, so it is evaluated with `pkgs-us` rather
          # than the pkgs the container would otherwise supply. `config` here
          # is the HOST module argument; the container's own evaluated config
          # is reached through it.
          fromUpstream = relPath:
            import "${inputs.nixpkgs-us}/nixos/modules/services/${relPath}" {
              config = config.containers.pihole.config;
              inherit lib;
              pkgs = pkgs-us;
            };
        in
        {
          imports = [
            (fromUpstream "networking/pihole-ftl.nix")
            (fromUpstream "web-apps/pihole-web.nix")
          ];

          # Web admin interface, served on port 80.
          services.pihole-web = {
            enable = true;
            package = pkgs-us.pihole-web;
            #hostName = "192.168.100.28";
            ports = [ 80 ];
          };

          services.pihole-ftl = {
            enable = true;
            package = pkgs-us.pihole-ftl;

            # Going by the option names, these open the container firewall for
            # DNS and for the web server respectively.
            openFirewallDNS = true;
            openFirewallWebserver = true;

            # Blocklist is pulled from the mutable `master` branch, so its
            # content can change between updates without a change to this file.
            lists = [
              { url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"; }
            ];

            # NOTE(review): the upstream override below is disabled and nothing
            # visible in this file points FTL at the local unbound on
            # 127.0.0.1:5335. Confirm which upstream resolvers are in effect.
            settings = {
              /*
                misc.dnsmasq_lines = [
                  "no-resolv"
                  "server=192.168.100.29"
                  #"server=1.1.1.1"
                  #"server=1.0.0.1"
                ];
              */
            };
          };

          # Resolver bound to loopback only, on a non-standard port, so it is
          # not reachable from outside the container.
          services.unbound = {
            enable = true;
            settings.server = {
              interface = [ "127.0.0.1" ];
              port = 5335;
            };
          };

          system.stateVersion = "24.05";
        };
    };

    # Disabled: earlier layout with unbound in its own container at
    # 192.168.100.29, listening on every interface on port 53.
    /*
      containers.unbound = {
        autoStart = true;
        privateNetwork = true;
        hostAddress = "192.168.100.10";
        localAddress = "192.168.100.29";
        config = {
          services = {
            unbound = {
              enable = true;
              settings = {
                server = {
                  interface = [ "0.0.0.0" ];
                  port = 53;
                };
              };
            };
          };
          networking = {
            firewall = {
              allowedTCPPorts = [ 53 ];
              allowedUDPPorts = [ 53 ];
            };
          };
          system.stateVersion = "25.05";
        };
      };
    */
  };
}