From baced6f8fd8cefba7550ea12dc4e291659b51764 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Tue, 24 Sep 2024 01:29:35 -0500
Subject: [PATCH] added config options for pihole

---
 enviroments/server/default.nix  | 92 ++++++++++++++++++++++-----------
 hosts/defiant/configuration.nix | 21 ++++++--
 2 files changed, 79 insertions(+), 34 deletions(-)

diff --git a/enviroments/server/default.nix b/enviroments/server/default.nix
index f478413..5a55a69 100644
--- a/enviroments/server/default.nix
+++ b/enviroments/server/default.nix
@@ -13,6 +13,33 @@
       base_domain = lib.mkOption {
         type = lib.types.str;
       };
+      macvlan = {
+        subnet = lib.mkOption {
+          type = lib.types.str;
+          description = "Subnet for macvlan address range";
+        };
+        gateway = lib.mkOption {
+          type = lib.types.str;
+          description = "Gateway for macvlan";
+          # TODO: see if we can default this to systemd network gateway
+        };
+        networkInterface = lib.mkOption {
+          type = lib.types.str;
+          description = "Parent network interface for macvlan";
+          # TODO: see if we can default this some interface?
+        };
+      };
+      pihole = {
+        image = lib.mkOption {
+          type = lib.types.str;
+          description = "container image to use for pi-hole";
+        };
+        # TODO: check against subnet for macvlan
+        ip = lib.mkOption {
+          type = lib.types.str;
+          description = "ip address to use for pi-hole";
+        };
+      };
       headscale = {
         subdomain = lib.mkOption {
           type = lib.types.str;
@@ -54,36 +81,42 @@
       };
     };
 
-    # Runtime
-    virtualisation.podman = {
-      enable = true;
-      autoPrune.enable = true;
-      dockerCompat = true;
-      defaultNetwork.settings = {
-        # Required for container networking to be able to use names.
-        dns_enabled = true;
+    virtualisation = {
+      # Runtime
+      podman = {
+        enable = true;
+        autoPrune.enable = true;
+        dockerCompat = true;
+        defaultNetwork.settings = {
+          # Required for container networking to be able to use names.
+          dns_enabled = true;
+        };
       };
-    };
-    virtualisation.oci-containers.backend = "podman";
 
-    virtualisation.oci-containers.containers.pihole = {
-      image = "pihole/pihole:2024.07.0";
-      hostname = "pihole";
-      volumes = [
-        "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs
-        "${config.sops.secrets."services/pi-hole".path}:/var/lib/pihole/webpassword.txt"
-      ];
-      environment = {
-        TZ = config.time.timeZone;
-        WEBPASSWORD_FILE = "/var/lib/pihole/webpassword.txt";
-        PIHOLE_UID = toString config.users.users.pihole.uid;
-        PIHOLE_GID = toString config.users.groups.pihole.gid;
+      oci-containers = {
+        backend = "podman";
+
+        containers.pihole = let
+          passwordFileLocation = "/var/lib/pihole/webpassword.txt";
+        in {
+          image = config.apps.pihole.image;
+          volumes = [
+            "/home/pihole:/etc/pihole:rw" # TODO; set this based on configs and bond with tmpfiles.rules
+            "${config.sops.secrets."services/pi-hole".path}:${passwordFileLocation}"
+          ];
+          environment = {
+            TZ = config.time.timeZone;
+            WEBPASSWORD_FILE = passwordFileLocation;
+            PIHOLE_UID = toString config.users.users.pihole.uid;
+            PIHOLE_GID = toString config.users.groups.pihole.gid;
+          };
+          log-driver = "journald";
+          extraOptions = [
+            "--ip=${config.apps.pihole.ip}"
+            "--network=macvlan"
+          ];
+        };
       };
-      log-driver = "journald";
-      extraOptions = [
-        "--ip=192.168.1.201" # TODO: set this to some ip address from configs
-        "--network=macvlan"
-      ];
     };
 
     systemd = {
@@ -123,11 +156,8 @@
             RemainAfterExit = true;
             ExecStop = "podman network rm -f macvlan";
           };
-          # TODO: check subnet against pi-hole ip address
-          # TODO: make lan configurable
-          # TODO: make parent interface configurable
           script = ''
-            podman network inspect macvlan || podman network create --driver macvlan --subnet 192.168.1.0/24 --gateway 192.168.1.1 --opt parent=bond0 macvlan
+            podman network inspect macvlan || podman network create --driver macvlan --subnet ${config.apps.macvlan.subnet} --gateway ${config.apps.macvlan.gateway} --opt parent=${config.apps.macvlan.networkInterface} macvlan
           '';
           partOf = [ "podman-compose-root.target" ];
           wantedBy = [ "podman-compose-root.target" ];
diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 05b169e..9288d36 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -25,9 +25,24 @@
 
   apps = {
     base_domain = "jan-leila.com";
-    headscale.subdomain = "vpn";
-    jellyfin.subdomain = "media";
-    forgejo.subdomain = "git";
+    macvlan = {
+      subnet = "192.168.1.0/24";
+      gateway = "192.168.1.1";
+      networkInterface = "bond0";
+    };
+    pihole = {
+      image = "pihole/pihole:2024.07.0";
+      ip = "192.168.1.201";
+    };
+    headscale = {
+      subdomain = "vpn";
+    };
+    jellyfin = {
+      subdomain = "media";
+    };
+    forgejo = {
+      subdomain = "git";
+    };
   };
 
   services = {