Change the pihole config to a flake that hopefully works
This commit is contained in:
parent
d90ba55a21
commit
ed61829532
19
flake.nix
19
flake.nix
|
@ -22,6 +22,19 @@
|
|||
extest.url = "github:chaorace/extest-nix";
|
||||
# Add any other flake you might need
|
||||
# hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
# Required for making sure that Pi-hole continues running if the executing user has no active session.
|
||||
linger = {
|
||||
url = "github:mindsbackyard/linger-flake";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
pihole = {
|
||||
url = "github:mindsbackyard/pihole-flake";
|
||||
inputs.nixpkgs.follow = "nixpkgs";
|
||||
inputs.flake-utils.follows = "flake-utils";
|
||||
inputs.linger.follows = "linger";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = {
|
||||
|
@ -31,6 +44,8 @@
|
|||
sops-nix,
|
||||
simple-nixos-mailserver,
|
||||
plasma-manager,
|
||||
linger,
|
||||
pihole,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (self) outputs;
|
||||
|
@ -84,6 +99,10 @@
|
|||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
# make the module declared by the linger flake available to our config
|
||||
linger.nixosModules.${system}.default
|
||||
pihole.nixosModules.${system}.default
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.grub.enable = false;
|
||||
boot.cleanTmpDir = true;
|
||||
|
||||
# boot.extraModulePackages = [
|
||||
# (pkgs.callPackage ./rtl8189es.nix {
|
||||
|
@ -75,87 +76,39 @@
|
|||
};
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
virtualisation.oci-containers.containers.pihole = {
|
||||
image = "pihole/pihole:2024.01.0";
|
||||
ports = [
|
||||
"53:53/udp"
|
||||
"53:53/tcp"
|
||||
"80:80/tcp"
|
||||
];
|
||||
environment = {
|
||||
TZ = config.time.timeZone;
|
||||
WEB_PORT = "80";
|
||||
WEBPASSWORD = "toor";
|
||||
#VIRTUAL_HOST = "192.168.1.114";
|
||||
PIHOLE_DNS_ = "127.0.0.1#5353";
|
||||
REV_SERVER = "true";
|
||||
REV_SERVER_DOMAIN = "router.lan";
|
||||
REV_SERVER_TARGET = "192.168.1.1";
|
||||
REV_SERVER_CIDR = "192.168.1.0/16";
|
||||
DNSMASQ_LISTENING = "local";
|
||||
};
|
||||
extraOptions = [
|
||||
"--network=host"
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services."podman-pihole".postStart = ''
|
||||
sleep 300s
|
||||
|
||||
podman exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
||||
podman exec pihole pihole -a adlist add "https://adaway.org/hosts.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Admiral.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
|
||||
podman exec pihole pihole -a adlist add "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/jdlingyu/ad-wars/master/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Spam/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/static/w3kbl.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/matomo-org/referrer-spam-blacklist/master/spammers.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Shalla-mal.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Spam404/lists/master/main-blacklist.txt"
|
||||
podman exec pihole pihole -a adlist add "https://someonewhocares.org/hosts/zero/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/HorusTeknoloji/TR-PhishingList/master/url-lists.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Ads.txt"
|
||||
podman exec pihole pihole -a adlist add "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
||||
podman exec pihole pihole -a adlist add "https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
|
||||
podman exec pihole pihole -a adlist add "https://hostfiles.frogeye.fr/multiparty-trackers-hosts.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/android-tracking.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/SmartTV.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/Perflyst/PiHoleBlocklist/master/AmazonFireTV.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/RooneyMcNibNug/pihole-stuff/master/SNAFU.txt"
|
||||
podman exec pihole pihole -a adlist add "https://www.github.developerdan.com/hosts/lists/ads-and-tracking-extended.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
|
||||
podman exec pihole pihole -a adlist add "https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
|
||||
podman exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
|
||||
podman exec pihole pihole -a adlist add "https://phishing.army/download/phishing_army_blocklist_extended.txt"
|
||||
podman exec pihole pihole -a adlist add "https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-malware.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://urlhaus.abuse.ch/downloads/hostfile/"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Malware.txt"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/gambling-porn/hosts"
|
||||
podman exec pihole pihole -a adlist add "https://raw.githubusercontent.com/chadmayfield/my-pihole-blocklists/master/lists/pi_blocklist_porn_all.list"
|
||||
podman exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Prigent-Crypto.txt"
|
||||
podman exec pihole pihole -a adlist add "https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
|
||||
|
||||
podman exec pihole pihole -g
|
||||
'';
|
||||
|
||||
services.openssh = {
|
||||
services.pihole = {
|
||||
enable = true;
|
||||
hostConfig = {
|
||||
# define the service user for running the rootless Pi-hole container
|
||||
user = "pihole";
|
||||
enableLingeringForUser = true;
|
||||
|
||||
# we want to persist change to the Pi-hole configuration & logs across service restarts
|
||||
# check the option descriptions for more information
|
||||
persistVolumes = true;
|
||||
|
||||
# expose DNS & the web interface on unpriviledged ports on all IP addresses of the host
|
||||
# check the option descriptions for more information
|
||||
dnsPort = 5335;
|
||||
webProt = 8080;
|
||||
};
|
||||
piholeConfig.ftl = {
|
||||
# assuming that the host has this (fixed) IP and should resolve "pi.hole" to this address
|
||||
# check the option description & the FTLDNS documentation for more information
|
||||
LOCAL_IPV4 = "192.168.0.2";
|
||||
};
|
||||
piholeCOnfig.web = {
|
||||
virtualHost = "pi.hole";
|
||||
password = "password";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [22 80 443];
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [22 80 443 5335 8080];
|
||||
allowedUDPPorts = [5335];
|
||||
};
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
|
|
Loading…
Reference in a new issue