forked from jan-leila/nix-config
added config options for pihole
This commit is contained in:
parent
8adc6b97cd
commit
baced6f8fd
2 changed files with 79 additions and 34 deletions
|
|
@ -13,6 +13,33 @@
|
||||||
base_domain = lib.mkOption {
|
base_domain = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
};
|
};
|
||||||
|
macvlan = {
|
||||||
|
subnet = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Subnet for macvlan address range";
|
||||||
|
};
|
||||||
|
gateway = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Gateway for macvlan";
|
||||||
|
# TODO: see if we can default this to systemd network gateway
|
||||||
|
};
|
||||||
|
networkInterface = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "Parent network interface for macvlan";
|
||||||
|
# TODO: see if we can default this some interface?
|
||||||
|
};
|
||||||
|
};
|
||||||
|
pihole = {
|
||||||
|
image = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "container image to use for pi-hole";
|
||||||
|
};
|
||||||
|
# TODO: check against subnet for macvlan
|
||||||
|
ip = lib.mkOption {
|
||||||
|
type = lib.types.str;
|
||||||
|
description = "ip address to use for pi-hole";
|
||||||
|
};
|
||||||
|
};
|
||||||
headscale = {
|
headscale = {
|
||||||
subdomain = lib.mkOption {
|
subdomain = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
|
|
@ -54,36 +81,42 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Runtime
|
virtualisation = {
|
||||||
virtualisation.podman = {
|
# Runtime
|
||||||
enable = true;
|
podman = {
|
||||||
autoPrune.enable = true;
|
enable = true;
|
||||||
dockerCompat = true;
|
autoPrune.enable = true;
|
||||||
defaultNetwork.settings = {
|
dockerCompat = true;
|
||||||
# Required for container networking to be able to use names.
|
defaultNetwork.settings = {
|
||||||
dns_enabled = true;
|
# Required for container networking to be able to use names.
|
||||||
|
dns_enabled = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
virtualisation.oci-containers.backend = "podman";
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.pihole = {
|
oci-containers = {
|
||||||
image = "pihole/pihole:2024.07.0";
|
backend = "podman";
|
||||||
hostname = "pihole";
|
|
||||||
volumes = [
|
containers.pihole = let
|
||||||
"/home/pihole:/etc/pihole:rw" # TODO; set this based on configs
|
passwordFileLocation = "/var/lib/pihole/webpassword.txt";
|
||||||
"${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt"
|
in {
|
||||||
];
|
image = config.apps.pihole.image;
|
||||||
environment = {
|
volumes = [
|
||||||
TZ = config.time.timeZone;
|
"/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules
|
||||||
WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt";
|
"${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"
|
||||||
PIHOLE_UID = toString config.users.users.pihole.uid;
|
];
|
||||||
PIHOLE_GID = toString config.users.groups.pihole.gid;
|
environment = {
|
||||||
|
TZ = config.time.timeZone;
|
||||||
|
WEBPASSWORD_FILE = passwordFileLocation;
|
||||||
|
PIHOLE_UID = toString config.users.users.pihole.uid;
|
||||||
|
PIHOLE_GID = toString config.users.groups.pihole.gid;
|
||||||
|
};
|
||||||
|
log-driver = "journald";
|
||||||
|
extraOptions = [
|
||||||
|
"--ip=${config.apps.pihole.ip}"
|
||||||
|
"--network=macvlan"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
log-driver = "journald";
|
|
||||||
extraOptions = [
|
|
||||||
"--ip=192.168.1.201" # TODO: set this to some ip address from configs
|
|
||||||
"--network=macvlan"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
systemd = {
|
||||||
|
|
@ -123,11 +156,8 @@
|
||||||
RemainAfterExit = true;
|
RemainAfterExit = true;
|
||||||
ExecStop = "podman network rm -f macvlan";
|
ExecStop = "podman network rm -f macvlan";
|
||||||
};
|
};
|
||||||
# TODO: check subnet against pi-hole ip address
|
|
||||||
# TODO: make lan configurable
|
|
||||||
# TODO: make parent interface configurable
|
|
||||||
script = ''
|
script = ''
|
||||||
podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan
|
podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan
|
||||||
'';
|
'';
|
||||||
partOf = [ "podman-compose-root.target" ];
|
partOf = [ "podman-compose-root.target" ];
|
||||||
wantedBy = [ "podman-compose-root.target" ];
|
wantedBy = [ "podman-compose-root.target" ];
|
||||||
|
|
|
||||||
|
|
@ -25,9 +25,24 @@
|
||||||
|
|
||||||
apps = {
|
apps = {
|
||||||
base_domain = "jan-leila.com";
|
base_domain = "jan-leila.com";
|
||||||
headscale.subdomain = "vpn";
|
macvlan = {
|
||||||
jellyfin.subdomain = "media";
|
subnet = "192.168.1.0/24";
|
||||||
forgejo.subdomain = "git";
|
gateway = "192.168.1.1";
|
||||||
|
networkInterface = "bond0";
|
||||||
|
};
|
||||||
|
pihole = {
|
||||||
|
image = "pihole/pihole:2024.07.0";
|
||||||
|
ip = "192.168.1.201";
|
||||||
|
};
|
||||||
|
headscale = {
|
||||||
|
subdomain = "vpn";
|
||||||
|
};
|
||||||
|
jellyfin = {
|
||||||
|
subdomain = "media";
|
||||||
|
};
|
||||||
|
forgejo = {
|
||||||
|
subdomain = "git";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue