pihole: working maybe

nixos/hosts/pihole/default.nix

@@ -3,34 +3,58 @@
     ../../templates/proxmox-lxc.nix
     ../../server.nix
     ../../features/dns-cache.nix
-    inputs.pihole.nixosModules.default
+    inputs.linger.nixosModules.x86_64-linux.default
+    inputs.pihole.nixosModules.x86_64-linux.default
   ];
 
   networking.hostName = "pihole";
   system.stateVersion = "24.11";
   nixpkgs.hostPlatform = "x86_64-linux";
+  boot.tmp.cleanOnBoot = lib.mkForce true;
+
+  networking.firewall = {
+    allowedTCPPorts = [ 
+      config.services.pihole.hostConfig.dnsPort
+      config.services.pihole.hostConfig.webPort
+    ];
+    allowedUDPPorts = [
+      config.services.pihole.hostConfig.dnsPort
+    ];
+  };
+
+  users.users.pihole = {
+    isNormalUser = true;
+    subUidRanges = [{ count = 65534; startUid = 100001; }];
+    subGidRanges = [{ count = 65534; startGid = 100001; }];
+  };
 
   services.pihole = {
     enable = true;
-    enableLingeringForUser = true;
-    persistVolumes = true;
-    dnsPort = 5353;
-    webPort = 8080;
-    web = {
-      password = "abcd1234"; # todo?
-      virtualHost = "http://pihole.hoki-porgy.ts.net";
-      theme = "default-darker";
+    hostConfig = {
+      user = "pihole";
+      enableLingeringForUser = true;
+      persistVolumes = true;
+      dnsPort = 5353;
+      webPort = 8080;
     };
-    dns = {
-      upstreamServers = [
-        "10.0.0.1"
-        "1.1.1.1"
-        "1.0.0.1"
-      ];
-      dnssec = true;
-      bogusPriv = true;
-      fqdnRequired = true;
+    piholeConfig = {
+      web = {
+        password = "abcd1234"; # todo?
+        virtualHost = "http://pihole.hoki-porgy.ts.net";
+        theme = "default-darker";
+      };
+      dns = {
+        upstreamServers = [
+          "10.0.0.1"
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+        dnssec = true;
+        bogusPriv = true;
+        fqdnRequired = true;
+      };
     };
-    
   };
+
+  
 }