Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

created config for pihole

Browse source
This commit is contained in:
Leyla Becker 2025-01-02 21:39:39 -06:00
parent e6852cc537
commit b02bd1a5e2
5 changed files with 185 additions and 129 deletions
Download patch file Download diff file Expand all files Collapse all files

11
configurations/nixos/defiant/configuration.nix
View file

@ -81,6 +81,17 @@
enable = true; enable = true;
subdomain = "home"; subdomain = "home";
}; };
pihole = {
enable = true;
ip = "192.168.1.201";
};
podman = {
macvlan = {
subnet = "192.168.1.0/24";
gateway = "192.168.1.1";
networkInterface = "bond0";
};
};
}; };
networking = { networking = {
hostId = "c51763d6"; hostId = "c51763d6";

129
configurations/nixos/defiant/services.nix
View file

@ -18,45 +18,6 @@ in {
base_domain = lib.mkOption { base_domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; };
macvlan = {
subnet = lib.mkOption {
type = lib.types.str;
description = "Subnet for macvlan address range";
};
gateway = lib.mkOption {
type = lib.types.str;
description = "Gateway for macvlan";
# TODO: see if we can default this to systemd network gateway
};
networkInterface = lib.mkOption {
type = lib.types.str;
description = "Parent network interface for macvlan";
# TODO: see if we can default this some interface?
};
};
pihole = {
image = lib.mkOption {
type = lib.types.str;
description = "container image to use for pi-hole";
};
# TODO: check against subnet for macvlan
ip = lib.mkOption {
type = lib.types.str;
description = "ip address to use for pi-hole";
};
directory = {
root = lib.mkOption {
type = lib.types.str;
description = "directory that pihole will be hosted at";
default = "/var/lib/pihole";
};
data = lib.mkOption {
type = lib.types.str;
description = "directory that pihole data will be hosted at";
default = "${config.apps.pihole.directory.root}/data";
};
};
};
headscale = { headscale = {
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -98,94 +59,14 @@ in {
config = { config = {
sops.secrets = { sops.secrets = {
"services/pi-hole" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
"services/nextcloud_adminpass" = { "services/nextcloud_adminpass" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml"; sopsFile = "${inputs.secrets}/defiant-services.yaml";
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
}; };
}; };
virtualisation = {
# Runtime
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
oci-containers = {
backend = "podman";
containers = {
pihole = let
passwordFileLocation = "/var/lib/pihole/webpassword.txt";
in {
image = config.apps.pihole.image;
volumes = [
"${config.apps.pihole.directory.data}:/etc/pihole:rw"
"${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"
];
environment = {
TZ = "America/Chicago";
WEBPASSWORD_FILE = passwordFileLocation;
PIHOLE_UID = toString config.users.users.pihole.uid;
PIHOLE_GID = toString config.users.groups.pihole.gid;
};
log-driver = "journald";
extraOptions = [
"--ip=${config.apps.pihole.ip}"
"--network=macvlan"
];
};
};
};
};
# TODO: dynamic users
systemd = { systemd = {
tmpfiles.rules = [
"d ${config.apps.pihole.directory.root} 755 pihole pihole -" # is /home/docker/pihole on old system
"d ${config.apps.pihole.directory.data} 755 pihole pihole -" # is /home/docker/pihole on old system
];
services = { services = {
"podman-pihole" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-macvlan.service"
];
requires = [
"podman-network-macvlan.service"
];
partOf = [
"podman-compose-root.target"
];
wantedBy = [
"podman-compose-root.target"
];
};
"podman-network-macvlan" = {
path = [pkgs.podman];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f macvlan";
};
script = ''
podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan
'';
partOf = ["podman-compose-root.target"];
wantedBy = ["podman-compose-root.target"];
};
# nextcloud-setup = { # nextcloud-setup = {
# after = ["network.target"]; # after = ["network.target"];
# }; # };
@ -201,16 +82,6 @@ in {
suspend.enable = false; suspend.enable = false;
hibernate.enable = false; hibernate.enable = false;
hybrid-sleep.enable = false; hybrid-sleep.enable = false;
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
"podman-compose-root" = {
unitConfig = {
Description = "Root target for podman targets.";
};
wantedBy = ["multi-user.target"];
};
}; };
}; };

2
modules/nixos-modules/server/default.nix
View file

@ -3,9 +3,11 @@
./network_storage ./network_storage
./reverse_proxy.nix ./reverse_proxy.nix
./postgres.nix ./postgres.nix
./podman.nix
./jellyfin.nix ./jellyfin.nix
./forgejo.nix ./forgejo.nix
./searx.nix ./searx.nix
./home-assistant.nix ./home-assistant.nix
./pihole.nix
]; ];
} }

98
modules/nixos-modules/server/pihole.nix Normal file
View file

@ -0,0 +1,98 @@
{
lib,
config,
inputs,
...
}: {
options.host.pihole = {
enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
directory = lib.mkOption {
type = lib.types.str;
default = "/var/lib/pihole";
};
image = lib.mkOption {
type = lib.types.str;
default = "pihole/pihole:2024.07.0";
description = "container image to use for pi-hole";
};
ip = lib.mkOption {
type = lib.types.str;
description = "ip address to use for pi-hole";
};
};
config = lib.mkIf config.host.pihole.enable (lib.mkMerge [
{
host.podman.enable = true;
sops.secrets = {
"services/pi-hole" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml";
};
};
systemd = {
tmpfiles.rules = [
"d ${config.host.pihole.directory} 755 pihole pihole -" # is /home/docker/pihole on old system
];
services = {
"podman-pihole" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-macvlan.service"
];
requires = [
"podman-network-macvlan.service"
];
partOf = [
"podman-compose-root.target"
];
wantedBy = [
"podman-compose-root.target"
];
};
};
};
virtualisation = {
oci-containers = {
containers = {
pihole = let
passwordFileLocation = "/var/lib/pihole/webpassword.txt";
in {
image = config.host.pihole.image;
volumes = [
"${config.host.pihole.directory}:/etc/pihole:rw"
"${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"
];
environment = {
TZ = "America/Chicago";
WEBPASSWORD_FILE = passwordFileLocation;
PIHOLE_UID = toString config.users.users.pihole.uid;
PIHOLE_GID = toString config.users.groups.pihole.gid;
};
log-driver = "journald";
extraOptions = [
"--ip=${config.host.pihole.ip}"
"--network=macvlan"
];
};
};
};
};
}
(lib.mkIf config.host.impermanence.enable {
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = config.host.pihole.directory;
user = "pihole";
group = "pihole";
}
];
};
})
]);
}

74
modules/nixos-modules/server/podman.nix Normal file
View file

@ -0,0 +1,74 @@
{
lib,
pkgs,
config,
...
}: {
options.host.podman = {
enable = lib.mkEnableOption "should home-assistant be enabled on this computer";
macvlan = {
subnet = lib.mkOption {
type = lib.types.str;
description = "Subnet for macvlan address range";
};
gateway = lib.mkOption {
type = lib.types.str;
description = "Gateway for macvlan";
# TODO: see if we can default this to systemd network gateway
};
networkInterface = lib.mkOption {
type = lib.types.str;
description = "Parent network interface for macvlan";
# TODO: see if we can default this some interface?
};
};
};
config = lib.mkIf config.host.podman.enable {
systemd = {
services = {
"podman-network-macvlan" = {
path = [pkgs.podman];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "podman network rm -f macvlan";
};
script = ''
podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.host.podman.macvlan.subnet} --gateway ${config.host.podman.macvlan.gateway} --opt parent=${config.host.podman.macvlan.networkInterface} macvlan
'';
partOf = ["podman-compose-root.target"];
wantedBy = ["podman-compose-root.target"];
};
};
# disable computer sleeping
targets = {
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
"podman-compose-root" = {
unitConfig = {
Description = "Root target for podman targets.";
};
wantedBy = ["multi-user.target"];
};
};
};
virtualisation = {
# Runtime
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
oci-containers = {
backend = "podman";
};
};
};
}