Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Change the pihole config to a flake that hopefully works

Browse source
This commit is contained in:
Lillian-Violet 2024-01-12 16:58:45 +01:00
parent e1b0f0ff99
commit 09180f6507
2 changed files with 48 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
flake.nix
View file

@ -22,6 +22,19 @@
extest.url = "github:chaorace/extest-nix";
# Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware";
# Required for making sure that Pi-hole continues running if the executing user has no active session.
linger = {
url = "github:mindsbackyard/linger-flake";
inputs.flake-utils.follows = "flake-utils";
};
pihole = {
url = "github:mindsbackyard/pihole-flake";
inputs.nixpkgs.follow = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.linger.follows = "linger";
};
};
outputs = {
@ -31,6 +44,8 @@
sops-nix,
simple-nixos-mailserver,
plasma-manager,
linger,
pihole,
...
} @ inputs: let
inherit (self) outputs;
@ -84,6 +99,10 @@
# > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix
sops-nix.nixosModules.sops
# make the module declared by the linger flake available to our config
linger.nixosModules.${system}.default
pihole.nixosModules.${system}.default
];
};
};

105
nixos/hosts/wheatley/configuration.nix
View file

@ -18,6 +18,7 @@
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.grub.enable = false;
boot.cleanTmpDir = true;
# boot.extraModulePackages = [
# (pkgs.callPackage ./rtl8189es.nix {
@ -75,87 +76,39 @@
};
};
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:2024.01.0";
ports = [
"53:53/udp"
"53:53/tcp"
"80:80/tcp"
];
environment = {
TZ = config.time.timeZone;
WEB_PORT = "80";
WEBPASSWORD = "toor";
#VIRTUAL_HOST = "192.168.1.114";
PIHOLE_DNS_ = "127.0.0.1#5353";
REV_SERVER = "true";
REV_SERVER_DOMAIN = "router.lan";
REV_SERVER_TARGET = "192.168.1.1";
REV_SERVER_CIDR = "192.168.1.0/16";
DNSMASQ_LISTENING = "local";
};
extraOptions = [
"--network=host"
];
};
systemd.services."podman-pihole".postStart = ''
sleep 300s
podman exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
podman exec pihole pihole -a adlist add "https://adaway.org/hosts.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Admiral.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
podman exec pihole pihole -a adlist add "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/static/w3kbl.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Shalla-mal.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
podman exec pihole pihole -a adlist add "https://someonewhocares.org/hosts/zero/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Ads.txt"
podman exec pihole pihole -a adlist add "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
podman exec pihole pihole -a adlist add "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
podman exec pihole pihole -a adlist add "https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt"
podman exec pihole pihole -a adlist add "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
podman exec pihole pihole -a adlist add "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
podman exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
podman exec pihole pihole -a adlist add "https://phishing.army/download/phishing_army_blocklist_extended.txt"
podman exec pihole pihole -a adlist add "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
podman exec pihole pihole -a adlist add "https://urlhaus.abuse.ch/downloads/hostfile/"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Malware.txt"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling-porn/hosts"
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list"
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Crypto.txt"
podman exec pihole pihole -a adlist add "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
podman exec pihole pihole -g
'';
services.openssh = {
services.pihole = {
enable = true;
hostConfig = {
# define the service user for running the rootless Pi-hole container
user = "pihole";
enableLingeringForUser = true;
# we want to persist change to the Pi-hole configuration & logs across service restarts
# check the option descriptions for more information
persistVolumes = true;
# expose DNS & the web interface on unpriviledged ports on all IP addresses of the host
# check the option descriptions for more information
dnsPort = 5335;
webProt = 8080;
};
piholeConfig.ftl = {
# assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address
# check the option description & the FTLDNS documentation for more information
LOCAL_IPV4 = "192.168.0.2";
};
piholeCOnfig.web = {
virtualHost = "pi.hole";
password = "password";
};
};
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22 80 443];
networking.firewall = {
allowedTCPPorts = [22 80 443 5335 8080];
allowedUDPPorts = [5335];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";