From dc13df9795a33ba5ef25192d7d538a8151c5bc64 Mon Sep 17 00:00:00 2001
From: noe
Date: Fri, 31 May 2024 01:42:23 -0400
Subject: [PATCH] pihole: working maybe
---
 flake.lock | 43 ++++++++++++-----------
 flake.nix | 9 ++++-
 nixos/hosts/pihole/default.nix | 62 +++++++++++++++++++++++-----------
 3 files changed, 75 insertions(+), 39 deletions(-)
diff --git a/flake.lock b/flake.lock
index defaaad..80f05b2 100644
--- a/flake.lock
+++ b/flake.lock
@@ -42,7 +42,7 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "nixpkgs": [ "nixvim", "nixpkgs"
@@ -243,11 +243,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": {
@@ -261,11 +261,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": {
@@ -431,7 +431,6 @@ "linger": { "inputs": { "flake-utils": [ - "pihole", "flake-utils" ] },
@@ -719,24 +718,28 @@ }, "pihole": { "inputs": { - "flake-utils": "flake-utils_2", - "linger": "linger", + "flake-utils": [ + "flake-utils" + ], + "linger": [ + "linger" + ], "nixpkgs": [ "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1670284048, - "narHash": "sha256-lNyJ7vrDAdsPVcNBXqDUXseBBL9Kf2q64/A8ntEKXWI=", - "owner": "mindsbackyard", - "repo": "pihole-flake", - "rev": "9daaf65415ad6d3f5a8daa617d8737bc405f9dd8", - "type": "github" + "lastModified": 1717134073, + "narHash": "sha256-GTYbZ1H6/PVoMsq4abvxFvZ8K3YcQcYNTVy5Y9d2yUc=", + "ref": "refs/heads/main", + "rev": "a125ee3d1cd490c5a4ace180017c149c3c10e04b", + "revCount": 38, + "type": "git", + "url": "https://git.sapphic.engineer/noe/pihole-flake" }, "original": { - "owner": "mindsbackyard", - "repo": "pihole-flake", - "type": "github" + "type": "git", + "url": "https://git.sapphic.engineer/noe/pihole-flake" } }, "root": {
@@ -745,10 +748,12 @@ "darwin": "darwin", "doll-repair": "doll-repair", "fedi-emotes": "fedi-emotes", + "flake-utils": "flake-utils", "home-manager": "home-manager", "iceshrimp": "iceshrimp", "iceshrimp-withdrawal": "iceshrimp-withdrawal", "lightrunner-emotes": "lightrunner-emotes", + "linger": "linger", "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable",
diff --git a/flake.nix b/flake.nix
index ebf6f35..0572c58 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,6 +33,7 @@
  # Pro gamer move
  nixos-generators.url = "github:nix-community/nixos-generators";
+ flake-utils.url = "github:numtide/flake-utils";
  # Iceshrimpy
  iceshrimp = {
@@ -47,8 +48,14 @@
  # PiHole
  pihole = {
- url = "github:mindsbackyard/pihole-flake";
+ url = "git+https://git.sapphic.engineer/noe/pihole-flake";
  inputs.nixpkgs.follows = "nixpkgs-unstable";
+ inputs.linger.follows = "linger";
+ inputs.flake-utils.follows = "flake-utils";
+ };
+ linger = {
+ url = "github:mindsbackyard/linger-flake";
+ inputs.flake-utils.follows = "flake-utils";
  };
  # Self
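Review bot: In the `@@ -47,8 +48,14 @@` hunk of flake.nix the `pihole` input moves to `git+https://git.sapphic.engineer/noe/pihole-flake` with no `ref` or `rev`, so the only pin on the code that will run on the DNS host is the `rev`/`narHash` pair in flake.lock, and every `nix flake update` advances to whatever that repository's default branch holds at the time. Pin the reviewed commit in the URL, e.g. `url = "git+https://git.sapphic.engineer/noe/pihole-flake?ref=main&rev=a125ee3d1cd490c5a4ace180017c149c3c10e04b";` (the rev this commit records in flake.lock). Alternatively, add a comment such as `# replaces github:mindsbackyard/pihole-flake; read the diff before bumping flake.lock` so that lock updates for this input actually get reviewed. The `inputs` block opens above the hunk, so the rest of the input list is not visible here.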
diff --git a/nixos/hosts/pihole/default.nix b/nixos/hosts/pihole/default.nix
index 9593431..80e2731 100644
--- a/nixos/hosts/pihole/default.nix
+++ b/nixos/hosts/pihole/default.nix
@@ -3,34 +3,58 @@
  ../../templates/proxmox-lxc.nix
  ../../server.nix
  ../../features/dns-cache.nix
- inputs.pihole.nixosModules.default
+ inputs.linger.nixosModules.x86_64-linux.default
+ inputs.pihole.nixosModules.x86_64-linux.default
  ];
  networking.hostName = "pihole";
  system.stateVersion = "24.11";
  nixpkgs.hostPlatform = "x86_64-linux";
+ boot.tmp.cleanOnBoot = lib.mkForce true;
+
+ networking.firewall = {
+ allowedTCPPorts = [
+ config.services.pihole.hostConfig.dnsPort
+ config.services.pihole.hostConfig.webPort
+ ];
+ allowedUDPPorts = [
+ config.services.pihole.hostConfig.dnsPort
+ ];
+ };
+
+ users.users.pihole = {
+ isNormalUser = true;
+ subUidRanges = [{ count = 65534; startUid = 100001; }];
+ subGidRanges = [{ count = 65534; startGid = 100001; }];
+ };
  services.pihole = {
  enable = true;
- enableLingeringForUser = true;
- persistVolumes = true;
- dnsPort = 5353;
- webPort = 8080;
- web = {
- password = "abcd1234"; # todo?
- virtualHost = "http://pihole.hoki-porgy.ts.net";
- theme = "default-darker";
+ hostConfig = {
+ user = "pihole";
+ enableLingeringForUser = true;
+ persistVolumes = true;
+ dnsPort = 5353;
+ webPort = 8080;
  };
- dns = {
- upstreamServers = [
- "10.0.0.1"
- "1.1.1.1"
- "1.0.0.1"
- ];
- dnssec = true;
- bogusPriv = true;
- fqdnRequired = true;
+ piholeConfig = {
+ web = {
+ password = "abcd1234"; # todo?
+ virtualHost = "http://pihole.hoki-porgy.ts.net";
+ theme = "default-darker";
+ };
+ dns = {
+ upstreamServers = [
+ "10.0.0.1"
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
+ dnssec = true;
+ bogusPriv = true;
+ fqdnRequired = true;
+ };
  };
- };
+
+ }
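Review bot: The new `networking.firewall.allowedTCPPorts` list opens `config.services.pihole.hostConfig.webPort` on every interface while `piholeConfig.web.password` is still the literal `"abcd1234"`. That makes the admin UI reachable with a guessable password, one that is committed to git and will typically also land in the world-readable Nix store. Load the password at runtime from a secret kept outside the store, using whatever file- or environment-based mechanism the pihole module or your secrets tooling provides, and rotate it since the current value is already in history. If the UI is only meant to be used over the tailnet named in `virtualHost`, drop `webPort` from the global list and scope it instead, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ config.services.pihole.hostConfig.webPort ];` (interface name assumed; adjust to the host). The module's argument list is above the hunk, so confirm that `lib` and `config` are bound there now that the new lines use them.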