Commit graph

39 commits

Author SHA1 Message Date
noe
913f75bd0d remove assertions 2024-05-31 01:56:25 -04:00
noe
a125ee3d1c use boot.tmp.cleanOnBoot 2024-05-31 01:41:13 -04:00
noe
4db2bcb209 use lib.strings.concatStringSep 2024-05-31 01:39:07 -04:00
noe
4c6f96ee39 update images 2024-05-31 01:16:29 -04:00
Christopher Bacher
9daaf65415 fix: Readme has a missing backtick 2022-12-06 00:47:28 +01:00
Christopher Bacher
257e0b2daa license: add MIT license file 2022-12-06 00:39:03 +01:00
Christopher Bacher
9d22275025 flake(docs): add a Readme & an example system configuration 2022-12-05 23:23:32 +01:00
Christopher Bacher
a8119d7a1b flake(pihole): restructure image info + update devShell for updating it
The Pi-hole image information is now contained in separate nix files per architecture `pihole-image-info.ARCH.nix`.
When updating these files with `update-pihole-image-info` the respective docker images are prefetched and the sha256 sums needed for the build are automatically included in the nix files.
2022-12-05 23:23:32 +01:00
Christopher Bacher
4a2a0b86d6 modules(pihole-container): simplify exposing PiHole ports
Initially the PiHole module was supposed to provide an option to expose rootless PiHole on privileged ports s.t. the user does not have to find out/decide how to do it herself.
However, it seems to be out-of-scope for flake which should provide a rootless PiHole container.
Further, any decision taken on how to achieve this could limit the user's choices for other system configuration options.
Instead, options for making PiHole available on privileged ports should be described in the Readme and maybe in example configurations.
2022-12-05 23:23:32 +01:00
Christopher Bacher
f4ff6d5e91 flake(description): minor rewording 2022-12-05 23:23:32 +01:00
Christopher Bacher
17f09210bc modules(pihole-container): add options for configuring Pi-hole's FTLDNS component 2022-12-05 23:23:32 +01:00
Christopher Bacher
d72b14f17b modules(pihole-container): add option for configuring the DNS interface of the container 2022-12-05 23:23:32 +01:00
Christopher Bacher
ebe48a0c6e modules(pihole-container): add warning about /tmp issues 2022-12-05 23:23:32 +01:00
Christopher Bacher
c536fb7293 refactor: move support functions to ./lib; change piholeConfiguration option to piholeConfig
The first part of the refactor simplifies the logic in the module and hides functions which are only used to extract container env vars.
Second, the option renaming to piholeConfig unifies the naming with the hostConfig option.
2022-12-05 23:23:19 +01:00
Christopher Bacher
f734aea139 flake/modules/lib: import lib in modules directly instead of passing it from the flake 2022-12-05 23:22:20 +01:00
Christopher Bacher
428baed6cf flake(linger): add linger-flaker to allow the pihole-flake to manage user lingering
Systemd's user lingering feature seems to be necessary to run rootless podman if the executing user is not logged in.
See https://github.com/NixOS/nixpkgs/issues/138423
2022-12-05 23:22:01 +01:00
Christopher Bacher
5fb27f33b3 modules(pihole-container): pre-start cleanup old pihole containers
If container cleanup fails when the machine halts, it is necessary to clean up the old container before the new one starts or it will fail.
2022-10-29 00:17:27 +02:00
Christopher Bacher
0c360c6f64 modules(pihole-container): print a warning if systemd's linger capability for the host user is not managed 2022-10-23 23:20:42 +02:00
Christopher Bacher
9238520b65 modules(pihole-container): add option for enabling user lingering (not wired) 2022-10-23 23:20:42 +02:00
Christopher Bacher
c8e603fd29 modules(pihole-container): assert that host user has sub-uids/gids configured 2022-10-22 15:47:07 +02:00
Christopher Bacher
8c58832c7d modules(pihole-container): improve stopping of the container
The service only waits until the container has been stopped.
2022-10-18 21:04:39 +02:00
Christopher Bacher
53a4cddd7c modules(pihole-container): add sleep in ExecStopPost= to force a wait
This is necessary because podman-stop did not wait until the container was actually deleted and `RestartSec=` does not apply if the service is restarted by systemd itself (via restart).
RestartSec only applies if the restart reason is covered by `Restart=`
2022-10-17 01:49:54 +02:00
Christopher Bacher
c7048bf7ad modules(pihole-container): add RestartSec to give the container time to be properly removed
The ExecStop from the previous commit was not enough; the journald logs show that the container fails to restart because the old one is still around.
2022-10-17 01:29:48 +02:00
Christopher Bacher
d523a5c8e1 modules(pihole-container): explicitly stop the container with podman
Currently the container often fails to startup again in a nixos-rebuild.
Maybe this is because the container lingers a bit after the systemd.service has already been stopped and the container from the restarted service can't be created.
The podman-stop command should delay the stopping of the service until the container is gone too.
2022-10-17 01:17:29 +02:00
Christopher Bacher
dde81d1e16 modules(pihole-container): add requires-dependency on network-online.target to systemd.service 2022-10-17 00:52:35 +02:00
Christopher Bacher
8ba929f20f image(pihole): update to 2022.10 2022-10-16 22:53:32 +02:00
Christopher Bacher
8e7c14c52f git(ignore): nix build output result 2022-10-16 18:46:50 +02:00
Christopher Bacher
575c4ae0dc modules(pihole-container): extend the description for port configuration on the host 2022-10-16 18:38:18 +02:00
Christopher Bacher
a1214c99d2 flake(devShell): make dig available to test the pihole DNS 2022-10-16 18:21:35 +02:00
Christopher Bacher
647d73908b lib(util): toEnvValue converts list into the format '[A;B;C]' 2022-10-16 15:25:31 +02:00
Christopher Bacher
73aed13f87 modules(pihole-container): make newuidmap available to systemd service
See https://github.com/NixOS/nixpkgs/issues/138423
Potentially a security issue as `/run/wrappers/bin/` contains more commands often with suid bit set.
2022-10-15 21:50:59 +02:00
Christopher Bacher
41d400120d modules(pihole-container): extract helper function to lib & restructure lets 2022-10-15 21:49:30 +02:00
Christopher Bacher
d15ee5c8fa modules(pihole-container): add pihole systemd service description & option handling (dhcp still missing) 2022-10-14 01:34:29 +02:00
Christopher Bacher
c1ab2461ac module(pihole-container): improve the module's options by adding better defaults and the environment variable names which are controlled by the options 2022-10-14 01:33:19 +02:00
Christopher Bacher
1f8b3f5d1a lib(util): add functions for finding and accessing fragments ("paths") through a tree of attrSets 2022-10-14 01:29:48 +02:00
Christopher Bacher
1a4551ff17 module(pihole-container): rename module to pihole 2022-10-09 19:57:58 +02:00
Christopher Bacher
7174f824d6 module(pihole-container): make it a module factory; WIP: start adding systemd service
The factory function returns the pihole module and allows to pass the flake itself to refer to its outputs.
2022-10-09 19:05:10 +02:00
Christopher Bacher
1b5d13c510 module(pihole-container): add option declarations for the module + add module to flake 2022-10-04 00:19:12 +02:00
Christopher Bacher
ef77de3abd flake(pihole): build pihole docker image (x86_64 & aarch64) + basic devShell for updating image info 2022-09-25 22:15:27 +02:00