❄️ Nix configurations
add: pi-hole
Signed-off-by: A. Ottr <alex@otter.foo>
+46
-1
+2
-1
hosts/polecat/configuration.nix
+2
-1
hosts/polecat/configuration.nix
···
13
13
../../modules/nixos/server/home-assistant.nix
14
14
../../modules/nixos/server/media.nix
15
15
../../modules/nixos/server/plex.nix
16
-
../../modules/nixos/server/blocky.nix
16
+
# ../../modules/nixos/server/blocky.nix
17
+
../../modules/nixos/server/pi-hole.nix
17
18
../../modules/nixos/server/uptime.nix
18
19
];
19
20
+44
modules/nixos/server/pi-hole.nix
+44
modules/nixos/server/pi-hole.nix
···
1
+
{ pkgs, config, ... }:
2
+
3
+
{
4
+
virtualisation.oci-containers = {
5
+
backend = "podman";
6
+
containers.pihole = {
7
+
environment = {
8
+
TZ = "Europe/Paris";
9
+
FTLCONF_webserver_api_password = "pihole";
10
+
FTLCONF_dns_listeningMode = "all";
11
+
};
12
+
volumes = [
13
+
"pihole:/etc/pihole"
14
+
];
15
+
image = "pihole/pihole:2025.08.0";
16
+
autoStart = true;
17
+
ports = [
18
+
"53:53/tcp"
19
+
"53:53/udp"
20
+
"28080:80/tcp"
21
+
];
22
+
};
23
+
};
24
+
25
+
# might prevent podman from pulling images
26
+
services.resolved.enable = false;
27
+
networking.firewall.allowedTCPPorts = [ 53 28080 ];
28
+
networking.firewall.allowedUDPPorts = [ 53 ];
29
+
30
+
services.traefik.dynamicConfigOptions.http = {
31
+
routers = {
32
+
pihole = {
33
+
entryPoints = ["websecure"];
34
+
service = "pihole";
35
+
rule = "Host(`dns.otter.place`)";
36
+
tls.certResolver = "letsencrypt";
37
+
};
38
+
};
39
+
40
+
services = {
41
+
pihole.loadBalancer.servers = [{url = "http://localhost:28080";}];
42
+
};
43
+
};
44
+
}