pihole: working maybe

2024-05-31 01:42:23 -04:00 · 2024-05-31 01:42:23 -04:00 · dc13df9795
commit dc13df9795
parent c565ac16ba
3 changed files with 75 additions and 39 deletions
--- a/flake.lock
+++ b/flake.lock
@ -42,7 +42,7 @@
    },
    "devshell": {
      "inputs": {
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
        "nixpkgs": [
          "nixvim",
          "nixpkgs"
@ -243,11 +243,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1701680307,
-        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "lastModified": 1710146030,
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@ -261,11 +261,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
        "type": "github"
      },
      "original": {
@ -431,7 +431,6 @@
    "linger": {
      "inputs": {
        "flake-utils": [
-          "pihole",
          "flake-utils"
        ]
      },
@ -719,24 +718,28 @@
    },
    "pihole": {
      "inputs": {
-        "flake-utils": "flake-utils_2",
-        "linger": "linger",
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "linger": [
+          "linger"
+        ],
        "nixpkgs": [
          "nixpkgs-unstable"
        ]
      },
      "locked": {
-        "lastModified": 1670284048,
-        "narHash": "sha256-lNyJ7vrDAdsPVcNBXqDUXseBBL9Kf2q64/A8ntEKXWI=",
-        "owner": "mindsbackyard",
-        "repo": "pihole-flake",
-        "rev": "9daaf65415ad6d3f5a8daa617d8737bc405f9dd8",
-        "type": "github"
+        "lastModified": 1717134073,
+        "narHash": "sha256-GTYbZ1H6/PVoMsq4abvxFvZ8K3YcQcYNTVy5Y9d2yUc=",
+        "ref": "refs/heads/main",
+        "rev": "a125ee3d1cd490c5a4ace180017c149c3c10e04b",
+        "revCount": 38,
+        "type": "git",
+        "url": "https://git.sapphic.engineer/noe/pihole-flake"
      },
      "original": {
-        "owner": "mindsbackyard",
-        "repo": "pihole-flake",
-        "type": "github"
+        "type": "git",
+        "url": "https://git.sapphic.engineer/noe/pihole-flake"
      }
    },
    "root": {
@ -745,10 +748,12 @@
        "darwin": "darwin",
        "doll-repair": "doll-repair",
        "fedi-emotes": "fedi-emotes",
+        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "iceshrimp": "iceshrimp",
        "iceshrimp-withdrawal": "iceshrimp-withdrawal",
        "lightrunner-emotes": "lightrunner-emotes",
+        "linger": "linger",
        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs_4",
        "nixpkgs-stable": "nixpkgs-stable",
--- a/flake.nix
+++ b/flake.nix
@ -33,6 +33,7 @@

    # Pro gamer move
    nixos-generators.url = "github:nix-community/nixos-generators";
+    flake-utils.url = "github:numtide/flake-utils";

    # Iceshrimpy
    iceshrimp = {
@ -47,8 +48,14 @@

    # PiHole
    pihole = {
-      url = "github:mindsbackyard/pihole-flake";
+      url = "git+https://git.sapphic.engineer/noe/pihole-flake";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
+      inputs.linger.follows = "linger";
+      inputs.flake-utils.follows = "flake-utils";
+    };
+    linger = {
+      url = "github:mindsbackyard/linger-flake";
+      inputs.flake-utils.follows = "flake-utils";
    };

    # Self
--- a/nixos/hosts/pihole/default.nix
+++ b/nixos/hosts/pihole/default.nix
@ -3,34 +3,58 @@
    ../../templates/proxmox-lxc.nix
    ../../server.nix
    ../../features/dns-cache.nix
-    inputs.pihole.nixosModules.default
+    inputs.linger.nixosModules.x86_64-linux.default
+    inputs.pihole.nixosModules.x86_64-linux.default
  ];

  networking.hostName = "pihole";
  system.stateVersion = "24.11";
  nixpkgs.hostPlatform = "x86_64-linux";
+  boot.tmp.cleanOnBoot = lib.mkForce true;
+
+  networking.firewall = {
+    allowedTCPPorts = [ 
+      config.services.pihole.hostConfig.dnsPort
+      config.services.pihole.hostConfig.webPort
+    ];
+    allowedUDPPorts = [
+      config.services.pihole.hostConfig.dnsPort
+    ];
+  };
+
+  users.users.pihole = {
+    isNormalUser = true;
+    subUidRanges = [{ count = 65534; startUid = 100001; }];
+    subGidRanges = [{ count = 65534; startGid = 100001; }];
+  };

  services.pihole = {
    enable = true;
-    enableLingeringForUser = true;
-    persistVolumes = true;
-    dnsPort = 5353;
-    webPort = 8080;
-    web = {
-      password = "abcd1234"; # todo?
-      virtualHost = "http://pihole.hoki-porgy.ts.net";
-      theme = "default-darker";
+    hostConfig = {
+      user = "pihole";
+      enableLingeringForUser = true;
+      persistVolumes = true;
+      dnsPort = 5353;
+      webPort = 8080;
    };
-    dns = {
-      upstreamServers = [
-        "10.0.0.1"
-        "1.1.1.1"
-        "1.0.0.1"
-      ];
-      dnssec = true;
-      bogusPriv = true;
-      fqdnRequired = true;
+    piholeConfig = {
+      web = {
+        password = "abcd1234"; # todo?
+        virtualHost = "http://pihole.hoki-porgy.ts.net";
+        theme = "default-darker";
+      };
+      dns = {
+        upstreamServers = [
+          "10.0.0.1"
+          "1.1.1.1"
+          "1.0.0.1"
+        ];
+        dnssec = true;
+        bogusPriv = true;
+        fqdnRequired = true;
+      };
    };
-    
  };
+
+  
 }